We all understand that security is driven by balancing risk with compliance requirements, and protecting important assets while minimizing the financial cost, but recent developments suggest that a shift in emphasis is occurring within web application security.
For many years now, the web application firewall (or WAF) has been the bedrock of protecting websites. Since the first open source WAF from ModSecurity began in 2002, the market, primarily driven by compliance and payment card industry (PCI) requirements, has grown into a multibillion-dollar industry. It is still true that any new WAF must address the OWASP Top 10 security vulnerabilities, whether it is a cloud WAF, an appliance or open source, but recently a new key requirement has been added: WAFs must now include bot mitigation.
Some might argue that WAFs have always been able to detect bots, but no company that deals with today’s sophisticated bot problems would rely solely on a WAF. They have learned through hard-earned experience that writing WAF rules for an ever-changing bot problem is time-consuming, inefficient and ineffective, because WAFs were built to protect against the exploitation of vulnerabilities, not to beat bots.
Industry analyst firms are changing their commentary on web application security and are sharing similar sentiments about the increasing importance of bot mitigation within their research.
In its recently published “Magic Quadrant for Web Application Firewalls,” Gartner concluded that bot management is on the rise: “During the past few months, the ability to segregate automated traffic from human clients has become a more important requirement. Bot mitigation and good bot handling have become scrutinized features, and WAF vendors adapting their offerings.”
But the reality is that the vendors included within the report were evaluated on how adequately they addressed the bot problem. And as a warning to the WAF vendors: “Gartner expects bot management (which includes bot mitigation and good bot handling) to become a core feature in WAF evaluations in the near future.”
Forrester also acknowledges that web application security is changing, and recently published “The Forrester New Wave™: Bot Management, Q3 2018,” indicating the market is maturing in importance.
About the Author: Tiffany Olson Kleemann