BLOG

F5 Listed Among Leaders in KuppingerCole Leadership Compass 2024 for WAF

Navpreet Gill Miniatura
Navpreet Gill
Published April 09, 2024

According to Cyber Security Agency of Singapore, Zero-day vulnerabilities, undiscovered by developers until exploited, surged by 40% in 2023, significantly challenging modern security systems. This increase is exacerbated by AI in cyberattacks, enhancing the scale, speed, and sophistication of attacks. Consequently, the average cost of data breaches has risen to $4.5 million, marking a 15% increase over three years, according to IBM. A Web Application Firewall (WAF) filters harmful traffic to protect applications, using customizable rules to meet specific security needs. WAFs have been used by organizations to defend against various attacks on applications and APIs to provide a sense of protection.

KuppingerCole Analysts AG recently evaluated several vendors and their offerings for product, innovation, and market fit for WAF. F5 Distributed Cloud WAAP was listed as a leader in the KuppingerCole Leadership Compass 2024 for WAF for product, innovation, market fit, and overall. KuppingerCole also mentioned that F5 is well known for application technologies, including NGINX App Protect and BIG-IP Advanced WAF, which with Distributed Cloud WAAP were also evaluated in the Leadership Compass. 

The Overall Leadership rating for the WAF market segment
Figure: The Overall Leadership rating for the WAF market segment

F5 Distributed Cloud WAAP received a “Strong Positive” rating from KuppingerCole for security, functionality, deployment, and usability, in addition to innovativeness, financial strength, and ecosystem. Some of the strengths for F5 Distributed Cloud WAAP highlighted in the report include flexible deployment, availability of a wide ecosystem, extensive API support, and strong third-party integration. The report also noted how F5 Distributed Cloud WAAP ensures data protection, meets various compliance standards, provides 24/7 SOC support, leverages AI and ML to identify and block malicious activities, and offers insightful dashboards, detailed reporting, and role-based access control.

The KuppingerCole Leadership Compass 2024 for WAF discusses how the WAF market is maturing and how modern WAF solutions are expected to include both negative and positive security models to protect web applications from attacks, with essential features for detecting attack signatures and DDoS protection. Additionally, the scope of WAFs has broadened to include API protection, now often integrated into offerings marketed as Web Application and API Protection (WAAP), making API security an essential component of contemporary WAF solutions.

F5 WAAP solutions’ capabilities for API and DDoS protection received positive remarks in the report: “Its API security is capable of securing REST, SOAP, gRPC, GraphQL, LDAP, RADIUS, and Webhooks protocols. F5 WAAP implements sophisticated API security measures to protect against the OWASP Top 10 for APIs, DoS attacks, data leaks, SQL injections, and includes automatic API discovery. The platform can be integrated with F5 NGINX to provide API gateway capabilities. It supports essential API security features like schema validation, rate limiting, allow-listing, and API routing. Additionally, API key mechanisms are used to block anonymous traffic, manage quotas, and authorize access”.

The report also states that F5 Distributed Cloud WAAP “is an excellent option for large enterprises looking for a comprehensive web application and API security solution” and that its “versatility across deployment models and integration with major platforms make it a strong candidate for enterprises with complex, multi-cloud environments.”

Please reach out to your Account Manager to evaluate F5 Distributed Cloud WAAP and the F5 WAF delivery model that best meets your application and API security needs.

Here’s a link to F5’s press release on the report.