The Changing Face of Web Application Security

November 12, 2018 Tiffany Olson Kleemann

We all understand that security is driven by balancing risk with compliance requirements, and protecting important assets while minimizing the financial cost, but recent developments suggest that a shift in emphasis is occurring within web application security.

For many years now, the web application firewall (or WAF) has been the bedrock of protecting websites. Since the first open source WAF, ModSecurity, began in 2002, the market, primarily driven by compliance and payment card industry (PCI) requirements, has grown into a multi-billion dollar industry. It is still true that any new WAF must address the OWASP Top 10 security vulnerabilities, whether it is a cloud WAF, an appliance or open source, but recently a new key requirement has been added: WAFs must now include bot mitigation.

Some might argue that WAFs have always been able to detect bots, but no company that deals with today’s sophisticated bot problems would rely solely on a WAF. They have learned through hard-earned experience that writing WAF rules for an ever-changing bot problem is time-consuming, inefficient and ineffective because WAFs were built for protecting against vulnerabilities and not for beating bots.

Industry analyst firms are changing their commentary on web application security and are sharing similar sentiments about the increasing importance of bot mitigation within their research.

In its recently published “Magic Quadrant for Web Application Firewalls,” Gartner concluded that bot management is on the rise: “During the past few months, the ability to segregate automated traffic from human clients has become a more important requirement. Bot mitigation and good bot handling have become scrutinized features, and WAF vendors adapting their offerings.”

But the reality is that the vendors included within the report were evaluated on how adequately they addressed the bot problem. And as a warning to the WAF vendors: “Gartner expects bot management (which includes bot mitigation and good bot handling) to become a core feature in WAF evaluations in the near future.”

Forrester also acknowledges that web application security is changing, and recently published “The Forrester New Wave™: Bot Management, Q3 2018,” indicating the market is maturing in importance.


About the Author

Tiffany is a dynamic executive with more than 20 years of proven business and operations experience within the information technology industry (large companies and startups), the White House, government and U.S. military. Previously, Tiffany was a vice president at FireEye, leading global strategic partnerships and alliance operations. She joined the FireEye team through the acquisition of iSIGHT Partners where she was Chief Revenue Officer & SVP of Client Solutions.
