Why Read This
Having been thrust into the spotlight by payment card industry (PCI) data security standard (DSS) requirements three years ago, Web application firewall (WAF) — a technology that detects and blocks attacks against Web applications — has significantly matured. It's taken on a decidedly interesting identity, and standalone WAFs are almost nonexistent. In its place are solutions that include additional network functionality like content acceleration, application visibility, authentication, and database monitoring. We dub this new family of products "WAF+". Forrester estimates the 2009 market revenue of the WAF+ market to be nearly $200 million, and the market will grow by a solid 20% in 2010. Security and risk managers can expect two WAF trends in 2010: 1) midmarket-friendly WAFs will become available, and 2) larger enterprises will gravitate toward the increasingly prevalent WAF+ solutions.