London, England – (The Hosting News) – October 5, 2005 – As most networks are now relatively well protected
with various security technologies, hackers and other malicious third
parties are redirecting their attacks onto business applications on the web.
Enterprises have responded by employing Web Application Firewall (WAF) technology to
protect their web applications, most of which contain multiple
vulnerabilities due to a lack of proper attention to security factors by
Frost and Sullivan Senior Industry Analyst Jose Lopez explained, “Traditional network security protects lower layers of the open system interconnection (OSI) reference model alone and hence, is incapable of protecting business web applications, which run at layer seven of the OSI. This is where WAF technology comes into play as the only technology available that is capable of safeguarding the integrity of web applications.”
Moreover, the introduction of specific legislations mandating database protection is likely to have a very positive effect on the penetration of the technology. The California Law SB 1386 Act and Japan’s Personal Information Protection Law oblige companies to inform their customers in the event their databases have been, or are suspected to be, compromised by a malicious third party.
Due to the high focus of WAF technology vendors on the financial services market, existing legislations regulating financial services such as Basel II in Europe are also contributing to the uptake of this technology. Despite such legislations and the solid message that most applications are vulnerable and need protection using adequate technology, many enterprises, distributors and value added resellers (VARs) are not fully aware of the existence and benefits of WAF. This is partly because vendors have focused mainly on selling the highly priced technology to financial services while ignoring the potential of other sectors.
According to Mr. Lopez,
“Vendors have realised the folly of such an approach and have started promoting WAF to a broader group of enterprises since late 2004. In addition, specialised media is publishing more information regarding the technology. This growth is fuelled by the increased awareness among organisations regarding the futility of network firewalls and intrusion prevention systems in stopping web attacks and ensuring web applications security.”
However, vendors have to increase their efforts if this technology has to appeal to the mass audience. They have to keep in mind that the price of WAF products is also an important restraint for the penetration of the technology. While prices are affordable for larger enterprises, which understand that the value of their applications and the information they contain is much higher than the actual cost of the solution, there are plenty of medium-sized organisations that are left aside due to the cost of the solutions.
In Europe, many companies are addressing this challenge by providing lower-priced products that appeal to the pockets and needs of smaller businesses. They have also lowered the initial high operational costs since most vendors now understand that this is not a sustainable business model. Though the technology is still expensive, the reduction in operational costs makes the total cost of ownership (TCO) of today’s solutions considerably lower.
“Added to this, the current growth and successful uptake of identity and access management technologies by enterprises are likely to have a direct impact on the development of the WAF market,” says Mr. Lopez. “The ability to control the capabilities of a network’s end users, which could be a substantial threat to information security, is a prudent charge for the security administrator and can boost demand for internal database protection offered by WAF technology.”
To receive further further information on the World Web Application Firewall Market, please send an e-mail to Janina Hillgrub, Corporate Communications, at Janina.Hillgrub@frost.com, with the following information: your full name, company name, title, telephone number, e-mail address, city, state and country.