The need for business agility, spurred by COVID, has caused organizations to adopt a multi-cloud approach, along with the complexity it brings to their operations, security, and workforce. The 2022 F5 State of Application Strategy survey points out that about 77% of organizations are currently multi-cloud. Organizations adopting cloud infrastructure must address any associated risks. While security concerns drive the demand for web application firewalls (WAFs), it’s difficult for enterprises to decide which WAF best fits their needs.
SecureIQLab has published its 2022 Cloud Web Application Firewall (WAF) CyberRisk Validation Comparative Report. The lab evaluated multiple WAF vendors and tested their products. Vendors were chosen based on being market leaders, analyst and enterprise challengers, new market entrants, and interested participating vendors. F5 was ranked as a Leader for its security efficacy, operational efficiency, and return on security investment.
SecureIQLab used over 400 real-world test scenarios with approximately 9,100 attacks to determine comparative scores for the tested cloud WAF vendors. Complete security scores consisted of scores from security categories such as the OWASP Top 10, bot attacks, layer 7 DoS, resiliency, and vulnerable web environment attacks. F5 earned a high complete security score. F5 also demonstrated a high Return on Security Investment (ROSI). Thus, F5 earned a Security Efficacy Leader ranking. The F5 circle in the above Figure 1 depicts F5’s security efficacy vs. ROSI.
The second area of evaluation was operational efficiency. Effective default configurations with customizable security configurations factored into operational efficiency for WAF solutions. SecureIQLab evaluated vendor offerings over five key operational categories: ease of deployment, ease of management, ease of risk management, scalable and elastic capabilities, and logging and auditing capabilities. F5 received strong ratings in operational efficiency. This, combined with F5’s high ROSI, earned F5 an Operational Efficiency Leader ranking. The F5 triangle in Figure 1 depicts F5’s operational efficiency vs. ROSI.
Return on Security Investment (ROSI) was also evaluated, calculated based on prevented losses instead of generated income. This category encompasses security effectiveness, operational efficiency, annual product cost, and annual loss expectancy. The x-axis depicts ROSI values in Figure 1.
Each organization should seek a WAF that fits their needs anywhere the applications and APIs are located—and regardless of the nature and location of the apps’ users. F5’s WAF portfolio, based on its robust BIG-IP Advanced WAF engine, adapts to the unique requirements of today’s modern applications and deployments. It also allows F5 to deliver its WAF solutions closer to where the customer’s applications reside. F5 WAF solutions offer flexible deployment and operational choices to match your organization’s infrastructure, architecture, application location, and expertise without sacrificing efficacy or risk. F5’s WAF engine enables organizations to secure their applications and APIs, wherever they are deployed—public or private clouds, on-premises data centers, or at the edge—and regardless of their architectures: monolithic/legacy, microservices, service mesh, or serverless. It simplifies administrators’ lives by enabling the enforcement of consistent security policies across all applications, anywhere.
Please reach out to your account manager to evaluate the F5 WAF that best meets your application and API security needs.
Here’s a link to the report for more information.