This Gartner® Market Guide is for Security and Risk Management leaders to analyze the cloud WAAP market and select solutions that meet their organization's needs.
Gartner notes that: “…Cloud WAAP solutions utilize domain/FQDN-based routing to direct traffic through their network, making them easier to deploy and scale from an infrastructural perspective, and a better fit for a hybrid setup.”
In addition, Gartner notes that: “It is recommended to prioritize API protection capabilities offered by cloud WAAP vendors”
This report also suggests “Client-side protection has gained significant attention as web applications become more complex and threats targeting the client side grow more sophisticated”
API security should be a major factor in selecting WAAP services. Prioritize vendors with strong API discovery capabilities and security including discovery of first and 3rd party APIs, advanced anomaly and vulnerability detection and granular API protection policy generation.
Organizations with mandates need to prioritize WAAP vendors that have localized coverage or capabilities, and provide adequate functionality to manage data governance policies for controlling where and how data is collected and stored.
Prioritize cloud WAAP solutions that leverage AI/ML to reduce false positives and alert fatigue, with rich behavioral analysis and correlation engines to evaluate an increasing wave of user data and signals to validate legitimacy.
Report Disclaimer: Gartner, Market Guide for Cloud Web Application and API Protection, Esraa ElTahawy, Adam Hils, Aaron McQuaid, Dale Koeppen, 14 April 2025
GARTNER® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.