Akamai Diversity

The Akamai Blog

Akamai Received Top Scores in Gartner's New Report "Critical Capabilities for Cloud Web Application Firewalls Services"

Are you in the process of selecting a web application firewall (WAF) or thinking about whether your current solution is adequate? For many organizations selecting the right WAF to protect their business is not an easy task. The threat landscape is changing fast and hackers are very creative in their own ways. The good news is that Gartner just released a new report "Critical Capabilities for Cloud Web Application Firewalls Services" written by Jeremy D'Hoinne, Ayal Tirosh, Claudio Neiva, Adam Hils, 6 December 2018. Gartner compares key WAF vendors by looking at three industry relevant use cases. I am proud to say that Akamai received top scores on two out of the three use cases.

  • Mobile application
  • Web scale critical business application
  • Public facing web application 

The Akamai results matter to you for the following reasons:

1) In the use case Mobile Application, Akamai achieved the highest score with 3.38 out of 5. This is especially relevant as more and more organizations open their business via APIs and mobile applications. As pointed out in Akamai's State of the Internet Summer 2018 report, we have seen that bots are trying to evade detection or pretend to be a human being for fraud and abuse purposes. Imitation of mobile device browsers is on the rise and currently one of the most common types of browser imitation.

figure3 (1)(1).jpg

2) In the use case Web Scale Critical Business Applications Akamai scores highest with 3.7 out of 5. Critical business applications are the crown jewels and are, therefore, of special interest for hackers and malicious attacks. As the legendary bank robber Willie Sutton replied when asked why he robbed banks, "Because that's where the money is." Business critical applications are the "bank" in the cyber world and Akamai helps you to protect your "bank" with our edge security solutions like WAF and bot management. 


figure2222.jpg

3) In the use case Public Facing Web Applications Akamai scored a 3.36 out of 5. Well, we can't win everything. But jokes aside, organizations simply don't have the people or time to protect all of their public-facing websites. We just announced a new capability in October - an additional firewall rule set, which provides automated protection of websites, applications and APIs with minimal operational effort for our customers. This allows them to quickly apply automated protection for many additional sites that go online on short notice or for a short period of time or just host less sensitive information and therefore remained unprotected so far.

figure11111.jpg

What else is covered in this report? 

Gartner discusses several critical WAF capabilities. I will not review all of them, but just highlight a few which have especially high relevance after this year's security events.

I do agree that DDoS protection is a critical capability. This is particularly obvious, as we have seen a 16% increase in the number of DDoS attacks during the last year. The industry also experienced the largest ever DDoS attack, Memcached, earlier this year. Basically the attack size doubles every two years.

This increase in overall attacks leads to geographic scalability and presence. This is important for two reasons. First, as a security vendor, you want to be where you customers are to provide them the best experience. Second, you want to be as close to the attackers in order to mitigate them as quickly as possible. Akamai usually is only one hop away from 90% of all attackers, which keeps malicious traffic off the network and results in less interference. Also, Akamai's huge footprint allows our experts to see, follow and mitigate a massive number of daily attacks. This knowledge is transferred into Akamai's firewall rules and security products, to make them one of the best in the industry.

I completely agree that API security is growing in importance. In a series of blog posts titled "The Dark Side of APIs" (12 and 3), Akamai researchers raised concerns about how little many organizations know about the traffic hitting the interfaces used for computer- to-computer interaction. Considering that API traffic now constitutes more than 25% of all web traffic Akamai sees, we believe this is something organizations should also be concerned with.

Akamai was already leading the industry when it introduced a positive security model two years ago. In October, we took API security to the next level with automated protection, which makes it easier for organizations to scale their security posture. Not covered in this report is our API gateway, which provides our customers the ability to add API governance to their security footprint. Our all around API solution now gives our customers
improved API performance, security and governance. 

In summary we are very proud that Akamai's solutions received another outstanding recognition from Gartner after their 2018 Magic Quadrant for web application firewalls, which shows steady progress of our 100% cloud based WAF and edge security solution.

So, if you are looking for a security solution to protect your web applications and APIs against DDoS, web or bot attacks, give us a call or click to chat with us. Or just take a test drive on a free trial.

Looking forward to hearing from you.

Stay safe!

The graphics were published by Gartner, Inc as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akamai.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consists of opinions of Gartner's research organization and should not be construed as statement of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Leave a comment