The need for business agility, spurred by COVID, has caused organizations to adopt a multi-cloud approach, along with the complexity it brings to their operations, security, and workforce. The 2022 F5 State of Application Strategy survey points out that about 77% of organizations are currently multi-cloud. Organizations adopting cloud infrastructure must address any associated risks. While security concerns drive the demand for web application firewalls (WAFs), it’s difficult for enterprises to decide which WAF best fits their needs.
SecureIQLab has published its 2022 Cloud Web Application Firewall (WAF) CyberRisk Validation Comparative Report. The lab evaluated multiple WAF vendors and tested their products. Vendors were chosen based on being market leaders, analyst and enterprise challengers, new market entrants, and interested participating vendors. F5 was ranked as a Leader for its security efficacy, operational efficiency, and return on security investment.
SecureIQLab used over 400 real-world test scenarios with approximately 9,100 attacks to determine comparative scores for the tested cloud WAF vendors. Complete security scores consisted of scores from security categories such as the OWASP Top 10, bot attacks, layer 7 DoS, resiliency, and vulnerable web environment attacks. F5 earned a high complete security score. F5 also demonstrated a high Return on Security Investment (ROSI). Thus, F5 earned a Security Efficacy Leader ranking. The F5 circle in the above Figure 1 depicts F5’s security efficacy vs. ROSI.
The second area of evaluation was operational efficiency. Effective default configurations with customizable security configurations factored into operational efficiency for WAF solutions. SecureIQLab evaluated vendor offerings over five key operational categories: ease of deployment, ease of management, ease of risk management, scalable and elastic capabilities, and logging and auditing capabilities. F5 received strong ratings in operational efficiency. This, combined with F5’s high ROSI, earned F5 an Operational Efficiency Leader ranking. The F5 triangle in Figure 1 depicts F5’s operational efficiency vs. ROSI.
Return on Security Investment (ROSI) was also evaluated, calculated based on prevented losses instead of generated income. This category encompasses security effectiveness, operational efficiency, annual product cost, and annual loss expectancy. The x-axis depicts ROSI values in Figure 1.
Each organization should seek a WAF that fits their needs anywhere the applications and APIs are located—and regardless of the nature and location of the apps’ users. F5’s WAF portfolio, based on its robust BIG-IP Advanced WAF engine, adapts to the unique requirements of today’s modern applications and deployments. It also allows F5 to deliver its WAF solutions closer to where the customer’s applications reside. F5 WAF solutions offer flexible deployment and operational choices to match your organization’s infrastructure, architecture, application location, and expertise without sacrificing efficacy or risk. F5’s WAF engine enables organizations to secure their applications and APIs, wherever they are deployed—public or private clouds, on-premises data centers, or at the edge—and regardless of their architectures: monolithic/legacy, microservices, service mesh, or serverless. It simplifies administrators’ lives by enabling the enforcement of consistent security policies across all applications, anywhere.
Please reach out to your account manager to evaluate the F5 WAF that best meets your application and API security needs.
Here’s a link to the report for more information.
About the Author
Related Blog Posts
The everywhere attack surface: EDR in the network is no longer optional
All endpoints can become an attacker’s entry point. That’s why your network needs true endpoint detection and response (EDR), delivered by F5 and CrowdStrike.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.