The document discusses Imperva's positioning in Gartner's 2016 Magic Quadrant for Web Application Firewalls. It provides Imperva's Chief Product Strategist's presentation on the Gartner MQ results, the market definition and trends, Imperva's WAF solutions and vision, and a customer panel discussion. The presentation aims to showcase Imperva as the leader in the WAF market for three consecutive years and discuss their products and features.
Talking Points:
In the 2016 Gartner MQ, Imperva is the ONLY vendor in the leaders quadrant for Web Application Firewalls, for an unprecedented third time in a row!
Our research indicates that no other company has ever been alone in the Leaders Quadrant for three consecutive years! We have combed through the three-year historical data on Gartner.com for 125 Magic Quadrants across all industries.
This speaks to our customer focus, innovation, technical and brand strength, and the lead that we have amassed in the market with both Imperva SecureSphere and Imperva Incapsula.
Here are the positive points that Gartner had to say about Imperva.
Gartner states “Imperva is a strong shortlist candidate for organizations of all sizes, especially those with high-security requirements or those looking for an easy-to-deploy, cloud-based WAF.” In addition to being the only vendor in the leaders quadrant, Gartner also ranks Imperva as the most visionary.
Here are some quotes from the latest Gartner MQ which show why both SecureSphere and Incapsula are the leaders in WAF.
Imperva consistently scores high and wins in competitive assessments when SECURITY is the most weighted criteria
SecureSphere is consistently selected for its advanced security, advanced policy learning and integration with database monitoring capabilities
Incapsula continuously scores high as the cloud-based WAF. It integrates with SIEMs and provides always-on IP protection using GRE tunnels
Existing clients are also satisfied with the quality of Imperva solutions. When they put Imperva in competition at renewal times, it is frequently due to security budget shifts or architecture changes
Market Definition (Page 1)
IS
This Magic Quadrant includes WAFs that are deployed in front of web applications and not integrated directly on web servers:
Purpose-built physical, virtual or software appliances
WAF modules embedded in application delivery controllers (ADCs; see "Magic Quadrant for Application Delivery Controllers")
Virtual appliances available on infrastructure as a service (IaaS) platforms
Cloud-based managed service (SaaS)
IS NOT – These are adjacent technologies that
API gateways (e.g. AWS gateway), bot management, Application Self Testing, SIEM, and runtime application self-protection (RASP) are adjacent to the WAF market and might compete for the same application security budget. This motivates WAF vendors to add relevant features from these adjacent markets when appropriate.
Imperva WAF provides Bot mitigation as an option, and the WAF is pre-integrated with enterprise security technologies — such as application security testing (vulnerability scanners), SecureSphere database monitoring, and several SIEM solutions. We also parse RESTful APIs (JSON/XML) and apply policy-based checks to those interfaces. We believe the RASP technology is in its infancy, used mostly in staging (pre-production) environments, and not in production.
Pg 29:
Market Overview: Gartner estimates that the WAF market totaled about $516 million in 2015, representing a growth of 21%.
Market Size/Geo: Americas represent 45% of the total market, EMEA accounts for 26% of the market, and the Asia/Pacific region accounts for 29%.
Pages 30, 31:
Basic WAF use-cases that most WAF products provide to some level:
Detect OWASP Top-10 attacks (SQL injection, XSS, etc.)
IP reputation feeds, which have long been available in NGFW and IPS/IDS products
DDoS protection – network and app-level
On-premise and cloud-based app protection
Integrating WAF syslogs with existing SIEM of customer’s choice
Next-Gen WAF use-cases that customers are looking for, that competing WAF products do not yet provide.
Policies derived from automated application behavior learning/profiling (positive security model); customers are concerned that this could disrupt business
Bot mitigation is a growing concern, especially for large B2C web applications, in addition to DDoS and CDN across multiple PoPs around the world.
Account takeover protection by detecting credential compromise
Better alerting/reporting for security analysts, with better actionable information on why web traffic was blocked
Mobile application security is driving vendors towards API security features.
The Gartner MQ report lists a number of “Imperva Strengths” on pages 16 and 17. However, Gartner does not want to endorse any vendor’s strengths over other vendors. Hence, we could not include “Imperva Strengths” on this slide.
Instead, we have decided to communicate what we hear from our customers as our key differentiators, which is also captured in a whitepaper – Five Ways Imperva Surpasses the Competition for Web Application Security.
Highest Accuracy of Detection
Dynamic Profiling, Correlated Attack validation, Customizable Policies
Most Comprehensive Protection
Technical attacks (OWASP Top-10), Business logic attacks (Reputation, Bot mitigation, Account Takeover)
Broadest Deployment Options
On-premises and in Cloud Infrastructure (AWS/Azure), physical or virtual appliances
Cloud-based SaaS service with CDN, DDoS, IP-protection using GRE tunnels
Seamless integration with Security Operations
Pre-integrated with SIEMs, Vulnerability Scanners, and Malware detection tools
Simplified management for Enterprise Scalability
Single management server (MX) can manage up to 15 WAF gateways
Two tier management using Security Operations Manager (manager of managers)
Managed service option with Incapsula – easy to use, minimal configuration, no security expertise required
Gartner estimates that physical appliance sales, and WAF sales from ADC vendors, have grown slower than average, whereas cloud-based WAF sales grow much faster, but from a smaller base.
By year-end 2020, more than 70% of public web applications protected by a web application firewall (WAF) will use WAFs delivered as a cloud service or internet-hosted virtual appliance — up from less than 25% today.
Let’s look at the Hybrid Deployment use-case further.
The cloud-based WAF - Incapsula is offered as a managed service to protect customers against broad DDoS attacks at multiple Points of Presence (PoPs) around the world.
<click>
The on-premise WAF – SecureSphere is used by customers who have more in-house security expertise to protect applications against targeted web attacks.
<click>
If you look at the types of attacks as a continuum, most noisy web traffic coming from poorly reputed IPs/bots can be blocked in the cloud using Incapsula. The more sophisticated attacks that exploit business logic, or that require application profiling techniques to detect, can be blocked using customizable SecureSphere policies.
<click>
Imperva ThreatRadar provides the threat intelligence needed for both the cloud-based Incapsula and on-premise SecureSphere solutions. Currently, bot mitigation intelligence is shared between Incapsula and SecureSphere. In the future more types of threat intelligence will be shared between the two solutions, and we are also working on a unified management console to manage both products.
Market focus on bot protection against the wide variety of problems resulting from automation: technical attacks, fraud, DDoS, etc.
Online fraud is increasingly interlinked with web security, identity-based attacks and endpoint threats
Repeated instances of disclosed vulnerabilities in traditional ciphers are forcing customers to adopt DH and ECDH ciphers
Customers want customized implementation of ciphers per connection
More customers are moving to cloud; Azure is picking up momentum besides AWS in key segments
Continued preference for easy deployment models; increasing support for Dev-Ops model of IT deployment
Increasing use of cloud-based analytics tools to manage security incidents
Customers would upgrade their environments to support HTTP/2
More customers moving towards API-based application delivery, requiring API protection for both web and mobile apps
Packets-Per-Second is the new game
CDN, WAF, DDoS, Load Balancing, Monitoring…
Automation is key
Hybrid implementations