In the report, The Forrester Wave™: Web Application Firewalls (WAF), Q2 2018, F5 Networks was named a leader for their comprehensive suite of WAF offerings. F5's range of WAF services available in appliance, public cloud, and fully-managed service offerings was noted. F5 believes this diversity of WAF services enables our customers to ensure all web applications have application security options available.
In the recent Lessons Learned from a Decade of Data Breaches report from F5 Labs, over 300 publicly-disclosed cases were reviewed by the threat research team. In 86% of data breach cases, application security was the attack vector. As network and security practitioners have improved the protections and practice of network-layer security, attackers have moved up the stack, deploying command injection and malware-based attacks among others targeting the application layer.
The opening of the Forrester Wave report notes "web applications are defenseless." The application layer comprises components in application code, development frameworks, server platforms, middleware, and host operating systems, making it much more complex than the network layer. These components typically vary by application within the same organization and maintain intricate interdependencies. Simply patching or applying a fix in any of these application components requires testing to ensure that a security remediation doesn’t precipitate broken or unavailable application services.
WAF technology enables security practitioners to deploy compensating controls such as virtual patches to block the exploit of zero day and other web application vulnerabilities. This virtual patching reduces risk by shrinking remediation time to days or hours instead of weeks or months. This WAF capability buys systems administrators and application developers valuable time to deploy long-term patches on application components with proper testing and validation.
More progressive WAF technology such as the F5 Advanced WAF enables security practitioners to apply active defenses such as bot detection and behavioral analytics. This active detection prevents malicious clients from launching attacks at all. F5 believes these kinds of innovative and advanced defense mechanisms are among the reasons F5 achieved the highest possible score in this Forrester Wave in the Attack Response and Execution Road Map criteria.
These advanced technologies are available for any public or private cloud environment via BIG-IP Cloud Edition as a self-managed solution, or as a managed service via Silverline Web Application Firewall. F5 Advanced WAF is also available within a physical F5 appliance, taking full advantage of BIG-IP iSeries hardware to deliver the highest performance WAF on the market.