The remote workforce has transformed the network perimeter and driven organizations to the cloud. Attackers have also adapted to the new IT landscape. Web application-based vulnerabilities are among the top breach vectors. The Web Application Firewall (WAF) remains the most frequently used security control to protect web applications against attacks. To help organizations, SecureIQLab has validated the security efficacy and operational efficiency of nine popular web application firewalls. This effort will help organizations understand the return on security investment for WAF solutions and evolve their network defenses to prevent web servers and their applications from being exploited.
More than 22,000 attacks were tested against each of the products validated. Individual reports simplify and summarize our findings and include group averages for context. Individual reports for the nine tested are projected to publish over the next few weeks and culminate with a comparative report. The comparative report will provide a high-level comparison for security efficacy, operational efficiency, and return on security investment.The first three reports to publish (AWS, Cloudflare, and StackPath) may be read here: Publications