Gartner Magic Quadrant for Web Application Firewalls (2020 - 2016)

A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy.

According to Gartner, by 2023, more than 30% of public-facing web applications will be protected by cloud web application and API protection (WAAP) services that combine distributed denial of service (DDoS) protection, bot mitigation, API protection, and WAFs. This is an increase from fewer than 10% today.

By 2024, most organizations that implement a multi cloud strategy for web applications in a production environment will only use cloud WaaP services.

 

2020

Leader:

• Imperva
• Akamai

Challengers

• Cloudflare
• F5
• Barracuda
• Fortinet

2019

Leader:

• Imperva
• Akamai

Challengers

• Cloudflare
• F5
• Barracuda
• Fortinet

2018

On August 2018, Gartner’s released their latest Magic Quadrant report for Web Application Firewalls. Only Imperva and Akamai are in the Leaders quadrant. F5 has been moved out from Leaders quadrant to challengers. Other vendors , such as Fortinet, Cloudflare, Barracuda, Citrix, are not changed much and still in challengers. Oracle and Radware are in Visionaries quadrant.

Leader:

• Imperva
• Akamai

Challengers

• Cloudflare
• F5
• Barracuda
• Fortinet
• Citrix

2017

2016

Imperva was the only one in Leader quadrant.