TMCnet News
NSS Labs Announces Web Application Firewall Group Test Results4 Vendors Receive Recommended Rating – 1 Receives Caution AUSTIN, Texas, April 11, 2017 (GLOBE NEWSWIRE) -- NSS Labs, Inc., the global leader in operationalizing cybersecurity, today announced the results of its second Web Application Firewall (WAF) Group Test. A growing segment of the security market, WAFs employ a wide range of functions to work in conjunction with perimeter firewalls and intrusion prevention system (IPS) technologies to provide protection specifically for web applications. Of the five market-leading WAF vendors whose products had results published today, four products received a Recommended rating, while one product received a Caution rating. Websites are exposed to web-based application attacks designed to bypass data center firewalls (DCFWs) and data center intrusion prevention systems (DCIPS). WAF products protect web servers by inspecting HTTP communication for malicious content. Although WAF products can be used as transparent bridges to inspect traffic, many enterprises are utilizing WAFs as reverse proxies that sit between the user and web server, allowing inspection of encrypted traffic. The ability of WAFs to inspect encrypted traffic has become increasingly important, as at least 75% of all web traffic will be encrypted by 2019. To validate their security effectiveness, WAF products were tested for their ability to successfully identify and protect against targeted exploits, including known vulnerabilities and coding errors. Products were also tested against the Open Web Application Source Project (OWASP) Top Ten, and false positive testing was conducted to determine whether they could support SSL encryption and identify legitimate traffic. Total cost of ownership (TCO) was calculated based on Protected Mbps to provide enterprises with insight into cost and to create a normalized comparion across products. Key findings include:
“In 2016, close to half of the network attacks targeting web applications came in through HTTP traffic and SSL vectors,” said Vikram Phatak, CEO at NSS Labs. “WAF devices are important lines of defense to secure critical web commerce operations and combat these attacks. The WAF Group Test results underscore the need for objective, vendor-neutral insights to help enterprises select the right solutions to strengthen their security posture.” The five market leaders in the WAF Group Test include:
As with all NSS Labs Group Tests, there was no fee for participation, and the Test Methodology is available in the public domain to provide transparency and help enterprises understand the factors behind the results. The “no fee for participation” and “public domain” are part of NSS Labs commitment to provide empirical data and objective group test results that enable security organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. A free download of the Security Value Map™ (SVM) graphic can be found here. For more information, or to purchase NSS Labs Test Reports, click here. To learn more about the WAF Test Methodology and the WAF Group Test results, please click here. About NSS Labs, Inc. Contact: Tom Resau W2 Communications Phone: +1 703-877-8103 [email protected] |