Imperva WAF Customers Provide Insights on Gartner MQ Results
•Download as PPTX, PDF•
3 likes•2,581 views
The document discusses Imperva's positioning in Gartner's 2016 Magic Quadrant for Web Application Firewalls. It provides Imperva's Chief Product Strategist's presentation on the Gartner MQ results, the market definition and trends, Imperva's WAF solutions and vision, and a customer panel discussion. The presentation aims to showcase Imperva as the leader in the WAF market for three consecutive years and discuss their products and features.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to Imperva WAF Customers Provide Insights on Gartner MQ Results
Similar to Imperva WAF Customers Provide Insights on Gartner MQ Results (20)
More from Imperva
More from Imperva (19)
Recently uploaded
Recently uploaded (20)
Imperva WAF Customers Provide Insights on Gartner MQ Results
- 1. © 2016 Imperva, Inc. All rights reserved. 2016 Gartner MQ for Web Application Firewall (WAF) Results and Customer Insights Terry Ray, Chief Product Strategist, Imperva
- 2. © 2016 Imperva, Inc. All rights reserved. Speaker and Customer Panel Confidential2 Terry Ray, Chief Product Strategist, Imperva, Inc. Ryan McElrath, Chief Technology Officer, americaneagle.com Michael Boucher, Director, Information Risk Management FTD, Inc. Richard Kim, Application Security Engineer, Kellogg Company
- 3. © 2016 Imperva, Inc. All rights reserved. Agenda • Gartner MQ Results • Gartner Market Definition, Market Trends • Imperva Solution and Vision • Customer Insights • Conclusions 3
- 4. © 2015 Imperva, Inc. All rights reserved. Web Application Firewalls 2016 Gartner MQ Results 1 4
- 5. © 2016 Imperva, Inc. All rights reserved. THE ONLY LEADER THREE CONSECUTIVE YEARS 2016 Gartner Magic Quadrant for Web Application Firewalls 5 Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Claudio Neiva, 19 July 2016. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
- 6. © 2016 Imperva, Inc. All rights reserved. Gartner WAF Market Definition Confidential6 Protects public or internal web applications against a variety of attacks, when the applications are deployed on-premises or in cloud infrastructure Q1: What business problems are you addressing with the Imperva WAF? How long have you been an Imperva customer? Source: Graphics created by Imperva based on Gartner report: “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Claudio Neiva, 19 July 2016. Web Application Firewall • Purpose-built physical/virtual appliances • Modules embedded in App Delivery Controllers • Virtual appliance in cloud Infrastructure (IaaS) • Cloud-based managed service (SaaS) Adjacent Technologies • API gateway, Bot management • Application Self Testing (AST), DB monitoring • Security Information and Event Mgmt. (SIEM) • Runtime Application Self Protection (RASP)
- 7. © 2016 Imperva, Inc. All rights reserved. Gartner WAF Market Overview WW Market Size in 2015 is $516M growing at 21% Confidential7 Q2: What are your top 3 WAF use cases in your current Imperva WAF deployment? What other use-cases you are planning to enable in the near future? Source: Graphics created by Imperva based on Gartner report: “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Claudio Neiva, 19 July 2016. Basic WAF use-cases: • OWASP Top-10 blocking • IP Reputation based blocking • Virtual Patching • SIEM integration • On-premise and cloud app protection NextGen WAF use-cases: • Policies derived from application profiling • Bot mitigation with DDoS and CDN • Alerting/reporting for security analysts • Unified mgmt. for SaaS and On-premises • Mobile application security (API)
- 8. © 2016 Imperva, Inc. All rights reserved. Why Customers Choose Imperva Over Other WAF Solutions Confidential8 Q3: What are your main reasons for choosing Imperva WAF? • Highest Accuracy of Detection • Most Comprehensive Protection • Broadest Deployment Options • Seamless integration with Security Operations • Simplified management for Enterprise Scalability
- 9. © 2016 Imperva, Inc. All rights reserved. Gartner Market Trends – WAF Moving to the Cloud with the Apps Confidential9 Web Servers WAF On-Premises Q4: What are your top concerns when moving or considering to move your apps to the cloud? Source: Graphics created by Imperva based on Gartner report: “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Claudio Neiva, 19 July 2016. 2016 2020 75% 30% Cloud-based WAF Cloud Infrastructures Cloud 25% 70%
- 10. © 2015 Imperva, Inc. All rights reserved. Web Application Firewalls Imperva Solution and Vision 2 10
- 11. © 2016 Imperva, Inc. All rights reserved. Targeted Attacks Access Control Logic Attacks Application Profile Generic Attacks Reputation and Bots DDoS Confidential11 Imperva Hybrid WAF – Functional View High Operational Risk Power of Many High Security Risk Specialized Policy
- 12. © 2016 Imperva, Inc. All rights reserved. Imperva Vision: SecureSphere WAF Market Trends Confidential12 Fraud & functional abuse is becoming common Attack automation is dramatically increasing Underlying application protocols are changing Cloud Adoption is accelerating DevOps methodology is being embraced in leading enterprises
- 13. © 2016 Imperva, Inc. All rights reserved. Imperva Vision: Incapsula Market Trends Confidential13 DDoS attacks breaking records CDNs morphing into application delivery clouds CISOs focus on high risk attacks Customers want to improve agility and coverage Q5: What other application security challenges do you see in the future?
- 14. © 2015 Imperva, Inc. All rights reserved. Web Application Security Imperva WAF Solutions - Summary 3 14
- 15. © 2016 Imperva, Inc. All rights reserved. Imperva Web Application Security 15 Highest Accuracy of detection of both technical and automated attacks, with customizable policies and correlation of multiple attack conditions Broadest Deployment Options – on-premises, in cloud (AWS/Azure), out-of-band/in-line, transparent-bridge, and reverse proxy In-depth Threat Intelligence crowdsourced from customers worldwide and curated by Imperva Defense Center (research team) Comprehensive Protection including IP Reputation, Bot mitigation, Account Takeover protection, and Fraud Prevention services Cloud-based DDoS, WAF content delivery network provides network DDoS protection, load balancing and web app. protection Access Control and Bot Mitigation blocks unwanted IP’s, geo-locations, automated attackers, bad bots, scrapers, spammers
- 16. © 2016 Imperva, Inc. All rights reserved. Q & A: Speaker and Customer Panel Confidential16 Terry Ray, Chief Product Strategist, Imperva, Inc. Ryan McElrath, Chief Technology Officer, americaneagle.com Michael Boucher, Director, Information Risk Management FTD, Inc. Richard Kim, Application Security Engineer, Kellogg Company
- 17. © 2016 Imperva, Inc. All rights reserved. Web Application Firewall Resources Confidential17
Editor's Notes
- Talking Points: In the 2016 Gartner MQ, Imperva is the ONLY vendor in the leaders quadrant for Web Application Firewalls, for an unprecedented third time in a row! Our research indicates that no other company has ever been alone in the Leaders Quadrant for three consecutive years! We have combed through the three-year historical data on Gartner.com for 125 Magic Quadrants across all industries. This speaks to our customer focus, innovation, technical and brand strength, and the lead that we have amassed in the market with both Imperva SecureSphere and Imperva Incapsula. Here are the positive points that Gartner had to say about Imperva. Gartner states “Imperva is a strong shortlist candidate for organizations of all sizes, especially those with high-security requirements or those looking for an easy-to-deploy, cloud-based WAF.” In addition to being the only vendor in the leaders quadrant, Gartner also ranks Imperva as the most visionary. Here are some quotes from the latest Gartner MQ which shows why both SecureSphere and Incapsula are the leaders in WAF. Imperva consistently scores high and wins in competitive assessments when SECURITY is the most weighted criteria SecureSphere is consistently selected for its advanced security, advanced policy learning and integration with database monitoring capabilities Incapsula continuously scores high as the cloud-based WAF. Integrates with SIEMs and always-on IP-protection using GRE tunnels Existing clients are also satisfied with the quality of Imperva solutions. When they put Imperva in competition at renewal times, it is frequently due to security budget shifts or architecture changes
- Market Definition (Page 1) IS This Magic Quadrant includes WAFs that are deployed in front of web applications and not integrated directly on web servers: Purpose-built physical, virtual or software appliances WAF modules embedded in application delivery controllers (ADCs; see "Magic Quadrant for Application Delivery Controllers" ) virtual appliances available on infrastructure as a service (IaaS) platforms Cloud-based managed service (SaaS) IS NOT – These are adjacent technologies that API gateway (e.g. AWS gateway), bot management, Application Self Testing, SIEM, and runtime application self-protection (RASP) are adjacent to the WAF market, and might compete for the same application security budget. This motivates WAF vendors to add relevant features from these adjacent markets when appropriate. Imperva WAF provides Bot mitigation as an option, and the WAF is pre-integrated with enterprise security technologies — such as application security testing (vulnerability scanners), SecureSphere database monitoring, and several SIEM solutions. We also parse RESTful APIs (JSON/XML) and apply policy-based checks to those interfaces. We believe the RASP technology is in its infancy, used mostly in staging (pre-production) environments, and not in production.
- Pg 29: Market Overview: Gartner estimates that the WAF market totaled about $516 million in 2015, representing a growth of 21% Market Size/Geo: Americas represent 45% of the total market, EMEA accounts for 26% of the market, and the Asia/Pacific region accounts for 29%. Pages 30, 31: Basic WAF use-cases that most WAF products provide to some level: Detect OWASP Top-10 attacks (SQL injection, XSS, etc.) IP Reputation feeds which have been there in NGFW, IPS/IDS products DDoS protection – network and app-level On-premise and cloud-based app protection Integrating WAF syslogs with existing SIEM of customer’s choice Next-Gen WAF use-cases that customers are looking for, that competing WAF products do not yet provide. Policies derived from automating application behavior learning/profiling, positive security model – concern that it could disrupt business Bot mitigation is a growing concern, especially for large B2C web applications, in addition to DDoS and CDN across multiple PoPs around the world. Account takeover protection by detecting credential compromise Better alerting/reporting for security analysts, with better actionable information on why web traffic was blocked Mobile application security is driving vendors towards API security features.
- Gartner MQ Report lists a number of “Imperva Strengths” on pages 16 and 17. However, Gartner does not want to endorse any vendor’s strengths over other vendors. Hence, we could not include ”Imperva Strengths” on this slide. Instead, we have decided to communicate what we hear from our customers as our key differentiators, which is also captures in a whitepaper – Five Ways Imperva Surpasses the Competition for Web Application Security. Highest Accuracy of Detection Dynamic Profiling, Correlated Attack validation, Customizable Policies Most Comprehensive Protection Technical attacks (OSAWP Top-10), Business logic attacks (Reputation, Bot mitigation, Account Takeover) Broadest Deployment Options On-premises and in Cloud Infrastructure (AWS/Azure), physical or virtual appliances Cloud-based SaaS service with CDN, DDoS, IP-protection using GRE tunnels Seamless integration with Security Operations Pre-integrated with SIEMs, Vulnerability Scanners, and Malware detection tools Simplified management for Enterprise Scalability Single management server (MX) can manage up to 15 WAF gateways Two tier management using Security Operations Manager (manager of managers) Managed service option with Incapsula – easy to use, minimal configuration, no security expertise required
- Gartner estimates that physical appliance sales, and WAF sales from ADC vendors, has grown slower than average, whereas cloud-based WAF sales grow much faster, but from a smaller base. By year-end 2020, more than 70% of public web applications protected by a web application firewall (WAF) will use WAFs delivered as a cloud service or internet-hosted virtual appliance — up from less than 25% today.
- Let’s look at the Hybrid Deployment use-case further. The cloud-based WAF - Incapsula is offered as a managed service to protect customers against broad DDoS attacks at multiple Points of Presence (PoPs) around the world. <click> The on-premise WAF – SecureSphere is used by customers who have more in-house security expertise to protect applications against targeted web attacks. <click> If you look at the type of attacks in a continuum, most noisy web traffic coming from badly reputed Ips/Bots can be blocked in the cloud using Incapsula. The more sophisticated attacks to exploit business logic, or uses application profiling techniques can be blocked using customizable policies SecureSphere. <click> Imperva ThreatRadar provides the threat intelligence needed for both the cloud-based Incapsula and on-premise SecureSphere solutions. Currently, Bot mitigation intelligence is shared beteween Incapsula and SecureSphere. In the future more types of threat intelligence will be shared between the 2 solutions, and we are also working on an unified management console to manage both products.
- Market focus on bot protection for security against wide variety of problems resulting due to automation–technical attacks, fraud, ddos etc. Online fraud is increasingly getting interlinked with web security, identity based attacks and end point threats Repeated instances of disclosed vulnerabilities in traditional ciphers forcing customers to adopt DH and ECDH ciphers Customers want customized implementation of ciphers per connection More customers are moving to cloud; Azure is picking up momentum besides AWS in key segments Continued preference for easy deployment models; increasing support for Dev-Ops model of IT deployment Increasing use of cloud based analytics tools to manage security incidents Customers would upgrade their environment to support HTTP2 More customers moving towards API based application delivery, requiring API protection for both web and Mobile apps
- Packets-Per-Second is the new game CDN, WAF, DDoS, Load Balancing, Monitoring… Automation is key Hybrid implementations