Gartner MQ for Web App Firewall Webinar

© 2016 Imperva, Inc. All rights reserved.

2016 Gartner MQ for Web Application Firewall (WAF)Results and Customer Insights

Terry Ray, Chief Product Strategist, Imperva

© 2016 Imperva, Inc. All rights reserved. Confidential2

Speaker and Customer Panel

Terry Ray,Chief Product Strategist,Imperva, Inc.

Ryan McElrath,Chief Technology Officer,americaneagle.com

Michael Boucher,Director, Information Risk ManagementFTD, Inc.

Richard Kim,Application Security Engineer,Kellogg Company

© 2016 Imperva, Inc. All rights reserved.3

Agenda

• Gartner MQ Results • Gartner Market Definition, Market Trends• Imperva Solution and Vision• Customer Insights • Conclusions

4 © 2015 Imperva, Inc. All rights reserved.

Web Application Firewalls

2016 Gartner MQ Results1


THE ONLY LEADER

THREE CONSECUTIVE YEARS

2016 Gartner Magic Quadrant for


Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Claudio Neiva, 19 July 2016.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Gartner WAF Market DefinitionProtects public or internal web applications against a variety of attacks, when the

applications are deployed on-premises or in cloud infrastructure

Q1: What business problems are you addressing with the Imperva WAF? How long have you been an Imperva customer?

Source: Graphics created by Imperva based on Gartner report: “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Claudio Neiva, 19 July 2016.

Web Application Firewall

• Purpose-built physical/virtual appliances

• Modules embedded in App Delivery Controllers

• Virtual appliance in cloud Infrastructure (IaaS)

• Cloud-based managed service (SaaS)

Adjacent Technologies

• API gateway, Bot management

• Application Self Testing (AST), DB monitoring

• Security Information and Event Mgmt. (SIEM)

• Runtime Application Self Protection (RASP)


Gartner WAF Market OverviewWW Market Size in 2015 is $516M growing at 21%

Q2: What are your top 3 WAF use cases in your current Imperva WAF deployment? What other use-cases you are planning to enable in the near future?


Basic WAF use-cases:• OWASP Top-10 blocking• IP Reputation based blocking• Virtual Patching• SIEM integration• On-premise and cloud app protection

NextGen WAF use-cases:• Policies derived from application profiling• Bot mitigation with DDoS and CDN• Alerting/reporting for security analysts• Unified mgmt. for SaaS and On-premises• Mobile application security (API)


Why Customers Choose Imperva Over Other WAF Solutions

Q3: What are your main reasons for choosing Imperva WAF?

• Highest Accuracy of Detection

• Most Comprehensive Protection

• Broadest Deployment Options

• Seamless integration with Security Operations

• Simplified management for Enterprise Scalability


Gartner Market Trends – WAF Moving to the Cloud with the Apps

Web Servers

WAF

On-Premises

Q4: What are your top concerns when moving or considering to move your apps to the cloud?


2016

2020

75%

30%

Cloud-based WAF Cloud Infrastructures

Cloud

25%

70%



Imperva Solution and Vision2

11 © 2016 Imperva, Inc. All rights reserved. Confidential

Targeted Attacks

Access Control

Logic Attacks

Application Profile

Generic Attacks

Reputation and BotsDDoS

Imperva Hybrid WAF – Functional ViewHigh Operational Risk

Power of ManyHigh Security RiskSpecialized Policy


Imperva Vision: SecureSphere WAFMarket Trends

Fraud& functional

abuse is becoming common

Attack automation is dramatically

increasing

Underlying application

protocols are changing

Cloud Adoption is accelerating

DevOps methodology is

being embraced in leading enterprises


Imperva Vision: IncapsulaMarket Trends

DDoS attacks breaking records

CDNs morphing into application delivery clouds

CISOs focus on high risk

attacks

Customers want to improve agility

and coverage

Q5: What other application security challenges do you see in the future?


Web Application Security

Imperva WAF Solutions - Summary3

© 2016 Imperva, Inc. All rights reserved.15

Imperva Web Application Security

Highest Accuracy of detection of both technical and automated attacks, with customizable policies and correlation of multiple attack conditions

Broadest Deployment Options – on-premises, in cloud (AWS/Azure), out-of-band/in-line, transparent-bridge, and reverse proxy

In-depth Threat Intelligence crowdsourced from customers worldwide and curated by Imperva Defense Center (research team)

Comprehensive Protection including IP Reputation, Bot mitigation, Account Takeover protection, and Fraud Prevention services

Cloud-based DDoS, WAF content delivery network provides network DDoS protection, load balancing and web app. protection

Access Control and Bot Mitigation blocks unwanted IP’s, geo-locations, automated attackers, bad bots, scrapers, spammers


Q & A: Speaker and Customer Panel

Terry Ray,Chief Product Strategist,Imperva, Inc.

Ryan McElrath,Chief Technology Officer,americaneagle.com

Michael Boucher,Director, Information Risk ManagementFTD, Inc.

Richard Kim,Application Security Engineer,Kellogg Company


Web Application Firewall Resources

https://www.imperva.com/docs/WP_WAF_Five_Key_Capabilities.pdf

https://www.imperva.com/docs/IMPERVA_WP_OWASP_Automated_Attacks.pdf

https://www.imperva.com/docs/WP_Web_Attack_Survival_Guide.pdf

https://www.imperva.com/ld/web-application-firewall-magic-quadrant-2016.asp?src=WWW:GartnerMagicQuadrant2016:US:hero:report