Top Ten Best Web Application Firewall (WAF) Providers

According to industry reports, the average cost to US-based companies from a single data breach last year was $5.9 million. This includes the cost of remediation as well as damages related to lost data, service disruption and reputation tarnishing.

Now that more and more enterprises run their business applications and maintain their sensitive data in the cloud, websites and web applications have become primary targets of sophisticated cyber attacks.

Web Application Firewalls (WAF) are designed to secure internal and public web applications and data, so businesses can avoid costly data breaches and downtime. Deployed in front of web servers, WAFs are used to protect against hacking attempts, monitor access to applications, and collect access logs for compliance/auditing and analytics.

WAFs are used to detect and block carefully crafted threats that mimic legitimate website traffic in order to slip through traditional defenses. They are effective in blocking threats (e.g., SQL injection, cross-site scripting and remote file inclusion) that exploit vulnerabilities in web applications, thwarting attacks such as site scraping and comment spam, and stopping application-layer DDoS attacks carried out by malicious botnets.

In addition, WAFs identify and patch "self-inflicted" vulnerabilities in enterprises' homegrown web applications, as well as helping e-commerce merchants comply with PCI-DSS requirements.

Originally deployed as physical appliances in the enterprise data center, today WAFs are also available as virtual appliances, cloud-based services (usually integrated with a CDN) or as a dedicated module within Application Delivery Controllers.

The WAF market is growing quickly, with a broad range of products offering different levels of security capabilities. Choosing the right product depends on your company's business priorities, requirements and budget.
To help you get started, here is a list of the ten best commercial Web Application Firewalls.

The Top Ten

1 Citrix

The Citrix NetScaler AppFirewall is an appliance-based WAF that helps enterprises secure their applications and data without impairing performance or user experience. The appliance is deployed in front of your web server and monitors all incoming and outgoing traffic (including SSL-encrypted traffic). NetScaler AppFirewall enforces both positive and negative security models to ensure correct application behavior, allowing it to deliver zero-day protection against unpublished exploits. Automatically updated signatures are also used to detect known vulnerabilities and threats. NetScaler AppFirewall ensures PCI-DSS compliance through a dedicated reporting tool.

It was a very good WAF, but starting with version 11 it's unstable.

2 Incapsula

Incapsula Inc. is a cloud-based application delivery platform. It uses a global content delivery network to provide website security, DDoS protection, load balancing and failover services to clients.

3 CloudFlare

CloudFlare, Inc. is a U.S. company that provides a content delivery network, Internet security services and distributed domain name server services, sitting between the visitor and the CloudFlare user's hosting provider, acting as a reverse proxy for websites.

CloudFlare's PCI-certified, cloud-based WAF runs the OWASP ModSecurity Core Rule Set, in conjunction with its own rules, heuristics and reputation database. There is also an option to write custom security rules (depending on your service plan). CloudFlare's WAF inspects application traffic before it arrives at your web server, applies rules to identify malicious visitors, and blocks or challenges those visitors based on the pre-defined rule action. The WAF protects against common web threats such as SQL injection, comment spam, excessive bot crawling and application-layer DDoS attacks.

4 Trustwave

Trustwave offers a physical or virtual on-premise Web Application Firewall appliance that can be deployed in either in-line or out-of-line mode. Using threat intelligence from its SpiderLabs® security team and multiple detection engines, Trustwave delivers advanced protection against application vulnerabilities and emerging threats, including the OWASP Top Ten. It allows enterprises to monitor applications, detect and prevent threats, mitigate data risk and address PCI compliance requirements. Trustwave offers virtual patching to protect vulnerable applications from attack without having to wait for the next release.

5 Barracuda Networks

Barracuda Web Application Firewall (WAF) protects websites and applications against data breaches and defacements. It uses heuristic fingerprinting and IP reputation techniques to distinguish legitimate users from botnets, enabling it to block application layer DDoS traffic. Barracuda also includes strong authentication and access control capabilities to secure access to sensitive applications or data, while virtual patching protects applications from zero-day threats. Available as a hardware or virtual appliance, Barracuda can be deployed on premise, in private cloud or third-party cloud environments such as AWS or Microsoft Azure.

6 Verizon Defend
7 Radware

Radware's AppWall WAF solution is offered as a physical or virtual appliance for on-premise deployment. It protects web applications and helps enterprises comply with PCI requirements by mitigating web application security threats and zero-day attacks while detecting and blocking vulnerability exploits. AppWall gives you full coverage against injections, cross-site scripting, cross-site request forgery and other OWASP top 10 threats, while helping to protect against leaks and manipulation of sensitive data. Proprietary technology is used to automatically generate and maintain enterprise network security policies and create granular protection rules.

8 Sucuri

The Sucuri Website Firewall is a cloud-based WAF designed primarily for smaller customers, such as bloggers, e-commerce sites and other business customers, that need to protect a single website. Sucuri serves as a proxy between your website and the rest of the web, filtering out malicious attacks and traffic and sending only legitimate traffic to your website. Using a proprietary approach to application profiling, malicious URL filtering and anomaly detection, Sucuri protects your site from hacking attempts, vulnerabilities and possible blacklisting by search engines.

Switched from Incapsula after hackers found ways to bypass their WAF and hack my site; it has never happened again since the switch to Sucuri.

9 Akamai

Akamai Technologies, Inc. is a content delivery network and cloud services provider headquartered in Cambridge, Massachusetts, in the United States.

Solid product offering that ties together multiple options to improve companies' security posture.

Akamai's Kona Site Defender is an enterprise-focused cloud security service that protects websites against vulnerabilities and attacks, as well as mitigating application-layer DDoS attacks using rate controls. The Kona Web Application Firewall (WAF) identifies and blocks application-layer attacks in HTTP and HTTPS traffic, such as SQL injections and cross-site scripting (XSS). With the help of Akamai's Professional Services team, enterprises can create custom security rules tailored to their policies and use cases. High performance even under attack is assured through the use of Akamai's global distributed network.

10 Applicure

DotDefender is a WAF software solution that is installed directly on your IIS and Apache servers across private, cloud and VPS environments. It protects websites and web applications from known and unknown attacks, denial of service, hacking attempts and data loss. DotDefender monitors all incoming and outgoing application traffic, using pattern recognition to detect zero-day exploits and session protection to help avoid impersonation. Signature-based techniques are used to block known attacks and vulnerabilities. To ease installation, DotDefender comes with built-in security rules that don't require configuration.

The Contenders

11 F5
12 Sophos
13 Indusface

Indusface Total Application Security is the industry's first truly integrated web application security and compliance solution. It helps organizations detect application-layer vulnerabilities accurately, patch them instantly without any change in code, and continuously monitor for emerging threats and DDoS attacks to mitigate them. - ishaan12345

14 haltDos

HaltDos offers Web Application Firewall (WAF) and DDoS protection on a single platform. It is a fully managed solution that uses state-of-the-art anomaly detection techniques to block application-layer attacks with zero false positives. It protects your website from common and zero-day web exploits that affect application availability, compromise security or consume application server resources. It also audits your website periodically to provide comprehensive security coverage.
