WAF analysis: Compliance + Web application Protection

WAFWeb Application Firewall and WEB Application Firewall (WAF) are not popular in the global market? Mr. Grant Murphy, global product market manager of barracuda WAF, is clear, but the situation may not be the same for the Chinese market.

WAF truth: IPS and IDS are not WAF

First, Chinese customers lack knowledge about WAF.

Through communication with agents, Grant Murphy learned an interesting phenomenon. What is obviously different from foreign countries is that "many Chinese customers think IPS/IDS is WAF", but the truth is quite different. In his opinion, although IPS, IDS, and WAF can both protect network security, IPS and IDS only identify Network Attacks Based on signatures, WAF is based on attack behavior. In addition, WAF can protect layer-7 network attacks, while IPS/IDS obviously cannot.

In addition to these misunderstandings, there are still true and false WAF on the market, which makes it hard to identify the authenticity. Grant Murphy believes that the true WAF should have three characteristics:

1. To ensure compliance, the real WAF should have audit functions, which must be deployed for websites engaged in network transactions;

2. Web application protection based on attack behaviors;

3. Able to protect the architecture of Web websites, with Web specificity and report functions. "In addition, the real WAF should take both security and performance into account," Grant Murphy added.

WAF business opportunity: WEB security is a system engineering F

Second, the potential of the domestic WAF market has not been fully explored.

Data shows that the annual growth rate of the global WAF market is 20% to 25%. "Two or three years ago, compliance was the main driver of the WAF market. However, with the customer's understanding of Web security, security itself has become the biggest customer drive ." In an interview with the computer business news reporter, Grant Murphy said he was very optimistic about the development prospects of the WAF market.

Specifically in the Chinese market, the number of deployed barracuda Web application firewalls increased by 200% this year compared with last year. It is estimated that the average growth rate in the next three years will reach 500%.

Grant Murphy believes that the two customers are more likely to purchase WAF. First, the website has been attacked and some specific requirements are generated. Second, although the website has not been attacked yet, the website has a high awareness and a clear understanding of Web security vulnerabilities.

In specific industries, finance, telecommunications, securities, energy, education, and large state-owned enterprises will all be WAF's potential markets. In general, "as long as there is a network application, there will be a market ".

Web security is a system project. We hope that our channel partners should not simply sell products, but provide more solutions and fully understand WAF products and technologies, the customer's network environment and specific requirements.