Akamai Diversity

The Akamai Blog

Akamai Named Gartner Magic Quadrant Leader for Fourth Consecutive Year

Gartner published its 2020 Magic Quadrant for Web Application Firewalls (WAF)i and named Akamai a Leader for the fourth consecutive year. Gartner's high distinction is market recognition of our completeness of vision and ability to execute.


This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akamai Technologies, Inc.

Akamai's edge security experience, strong product alignment, and broad security portfolio with expanded coverage into new forms of attacks continue to set us apart.

Akamai's Web Application Security Portfolio

Development, operations, and security teams must work together to protect not only networks and business-critical applications, but also increasingly complex IT infrastructure, rapidly evolving APIs, and potentially compromised web browsers from the latest threats. Multi-cloud hybrid environments, mobile, and software as a service (SaaS) offerings are all examples of how modern applications -- especially with the move toward microservices-based API architectures -- continue to expand the attack surface. Cybercriminals use multiple attack vectors to exploit new vulnerabilities beyond web applications, extending into business logic functions and JavaScript supply chains.

A holistic web application and API protection (WAAP) solution includes security capabilities that cover an ever-expanding range of threats. This year, Akamai launched Page Integrity Manager, which is designed to protect websites from JavaScript threats such as web skimming, formjacking, and Magecart attacks.

"Security leaders must adapt to web application and API threat landscape changes by strengthening their web application security requirements beyond the traditional WAF scope and expectation to the more comprehensive WAAP."ii

In addition to broad web application security to combat multi-vector attacks, Akamai also announced new API discovery and profiling capabilities with our most recent Platform Update.

New API Discovery and Profiling

Visibility into API traffic is a foundational first step to protection. Organizations that lack this visibility can potentially suffer significant operational and security challenges, increasing risk. With API discovery and profiling, Akamai WAAP now has the ability to automatically inspect traffic and provide a list of both protected and unprotected APIs, including their endpoints, definitions, and traffic characteristics. This capability -- the first of its kind for an edge-based WAAP -- is only part of the solution. Akamai also parses and inspects APIs for malicious payloads, enables predefined API specifications, provides API-level reporting, and enables custom inspection rules to meet a wide range of requirements.

Gartner mentions that "by 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications."iii

As the market continues to adopt greater use of API-based microservices architectures and mobile applications, you will need strong API protections that stay a step ahead of threats.

Four Advantages of the Akamai WAAP

As a recognized industry pioneer, Akamai's approach to web application security is fueled by delivering on four key advantages: 

  1. Unmatched visibility: Visibility into attacks is critical. Every day, Akamai collects data from over 178 billion WAF rule triggers, 12 billion bot requests, and 280 million bot logins -- generating 130 TB of attack data. This level of insight allows us to constantly improve security, predict new threats, and provide automated and accurate protections. In 2020, this visibility extends to API endpoints and their traffic profiles, as well as client-side script vulnerabilities.
  2. High security outcomes: Akamai's crowdsourced attack visibility with machine learning and real-time threat intelligence combine to deliver high security outcomes. This year, we improved our WAF engine with Adaptive Security Profiles -- a security feature designed to dynamically modify protections based on each customer's individual threat landscape. Every incoming request contributes to a risk profile based on factors like reputation, attack history, suspicious source(s), signs of malicious automation, and more -- helping to further decrease false negatives, without increasing false positives, and detecting the most sophisticated attacks.
  3. User empowerment: From developers, to cloud architects, to security teams within mid- to large-size enterprises, we aim to empower all stakeholders with solutions that are automated, integrated, and intuitive to use. New configuration APIs, compatibility with orchestration tools, and simplified product onboarding are just some of the enhancements designed to improve operational efficiencies, reduce human error, and mitigate the rising cost and complexity of maintenance.
  4. Holistic edge security: The integration of Akamai's WAF with our other products, including Prolexic, Edge DNS, Page Integrity Manager, and Bot Manager, provides comprehensive web application security. Akamai continues to deliver strong solutions with high performance through an integrated, unified platform approach. As a strategic security partner, Akamai will continue to solve complex security needs and deliver holistic edge solutions as your needs grow and evolve over time.

To read the complete 2020 Gartner Magic Quadrant for Web Application Firewalls report, click here.

Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, John Watts, 19 October 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

i Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, John Watts - 19 October 2020

ii Gartner: Defining Cloud Web Application and API Protection Services, Jeremy d'Hoinne, Adam Hils, 26  Feb 2019

iii Gartner: API Security: What you Need to Do to Protect Your APIs, Mark O'Neill, Dionisio Zumerle, Jeremy d'Hoinne, 28 August 2019