We are proud and honored to be scored highest in two out of four Use Cases (3.57/5 for API and 3.66/5 for High Security Use Cases) in the latest 2020 Critical Capabilities for Application & API Protection report*, and we believe we are the only vendor to be scored highest in 2 out of 4 use cases.
This report follows the release of the 2020 Gartner Magic Quadrant for Web Application Firewalls wherein Radware has been placed higher and further on the ability to execute and completeness of vision axes with respect to its positioning in the 2019 report.
Positive psychology argues that we should pause and embrace the good when it happens. It’s also good to understand the factors that contributed to a successful outcome in order to leverage them in the future.
So in this blog, we won’t be showing off (well maybe a little – after all, not a bad month for our WAAP technology!), but will rather analyze the reasons behind these endorsements.
Analyst Observations & Recommendations
Per our understanding of the report, Gartner talks about the extension of application protection from core WAF capabilities to a comprehensive set of solutions each addressing a different type of threat. Obviously, this comes as a result of the evolution of the threat landscape, with the emergence of more sophisticated tools– such as human-like bots, for instance – as well as new vulnerabilities (APIs, for example).
This is a twofold complexity – first, of getting a grip of the additional tools that are required and making the most of them, and second, managing the security so it’s maximal and consistent across a distributed information network across premises, private and public clouds. The challenge is even greater due to the velocity of application development and delivery environments today which require protection to be dynamic.
For these reasons, we believe Gartner suggests enterprises adopt a cloud-first strategy, and lay the burden of application security management on the different vendors, who are the experts. In addition, it recommends ensuring a complete coverage of the WAAP threat landscape, noting that enterprises today are looking for the “fantastic four” core capabilities – WAF, DDoS protection, bot management and API protection.
Per Gartner, enterprises should focus on a complete coverage – there are several consolidated offerings out there – rather than on compliance. A possible reason may be that these rules are normally written to address the threat landscape as it was at least 2-3 years prior.
Sharp-eyed professionals have noticed that this year’s report name has changed from Cloud WAF to Cloud WAAP. The reason is the growing importance (and risk) of broad reliance on APIs as the primary form of data exchange between applications, interconnected systems, and backend infrastructure. These APIs are not always under full control. Quite the opposite – they are a major blind spot.
These APIs – whether standard (OpenAPIs) or undocumented – need to be discovered and classified in a catalog, provide authentication and robust protection. Some big names already made headlines due to neglecting API security that ended up with data breaches. APIs are subject to embedded attacks, access violations, denial of service and automated threats.
Radware Technology & Vision
Breadth and depth. Radware focuses on security and excels in it. We believe our strength is robust and effective Web Application and API protection. Our technology combines positive and negative security models, introduces advanced machine learning of HTTP traffic and API calls that substantially reduce labor and TCO, offers fully integrated Bot Management technology as well as DefenseMessaging, a unique signaling and synchronization mechanism between our WAF and DDoS mitigation solutions.
But don’t just take our word for it. Per a recent Gartner Peer Insight review, “Radware WAF solutions are adaptable, scalable and support a hybrid architecture as well…and offer a complete protection against any security issues. The support for top 10 OWASP and 0-day attack protection are particular highlights of the product.”
Continuous innovation. We pride ourselves on our forward-looking acumen. Being ahead of the curve allows us to understand the changing requirements and partner with customers and prospects to design the solutions of tomorrow.
Our Kubernetes WAF, designed to protect containerized applications running as microservices, providing observability to both DevOps & security staff, as well as Alteon Cloud Control for application delivery and security services deployed across various environments are good examples of Radware’s innovation. This leads us to…
Use cases. On one hand, most enterprises are not “cloud-native”. On the other, most new projects leverage contemporary technologies, architectures, and practices. Therefore, many enterprises have a hybrid mix of application development and delivery environments, including premises and cloud-hosted.
It is imperative that each requires some adjustments, posing a challenge to keep web app security unified and consistent across the board. We believe Radware provides the same strong security technology in all form factors – physical or virtual appliance (also integrated with ADC), software plug-ins, Kubernetes sidecar and a fully managed cloud service with a single portal.
*Gartner, Critical Capabilities for Cloud Web Application and API Protection, Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts, 10 November 2020
Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts, 19 October 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
These graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request.
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.