Press release

Report: Most Organizations Are Dissatisfied With Their Web Application Firewalls (WAFs)

Sponsored by Businesswire

Cequence Security, a provider of innovative software solutions that
protect web, mobile, and API-based applications from cyberattacks, today
released a new Ponemon Institute report – “The State of Web Application
Firewalls”- showing that only 40% of organizations are satisfied with
their WAF. The report is based on data gathered from 595 organizations
across the U.S. On average, they have each deployed 158 web, mobile, and
API-based applications, on premises and in the cloud.

“The research clearly reveals WAF dissatisfaction in three areas,” said
Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “First,
organizations are frustrated that so many attacks are bypassing their
WAFs and compromising business-critical applications. In addition,
they’re experiencing the pain of continuous, time-consuming WAF
configuration, and administration tasks. Lastly, they’re dealing with
significant annual costs associated with WAF ownership and staffing.”

The underlying data from the research provided more insight into each of
these three areas:

  • Security – While 66% of respondent organizations consider the WAF a
    critically important security tool, 43% use their WAFs only to
    generate alerts (not to block attacks). Perhaps not surprising, 86%
    experienced application-layer attacks that bypassed their WAF in the
    last 12 months.
  • Administration – Managing legacy WAF deployments is complex and
    time-consuming, requiring an average of 2.5 security administrators
    who spend 45 hours per week processing WAF alerts, plus an additional
    16 hours per week writing new rules to enhance WAF security.
  • Cost – The CapEx and OpEx costs associated with WAF purchase and
    ongoing management are significant. In total, organizations spend an
    average of $620K annually. This includes $420K for WAF products, plus
    an additional $200K annually for the skilled staffing required to
    manage the WAF.

Despite the current frustrations of WAF users, they also indicated
specific improvements that should be made to their WAF to improve
overall effectiveness and satisfaction. Two important requirements

  • 72% of respondents would like to see more intelligence and automation
    integrated into their WAF.
  • 74% would like to see WAF functions integrated with other application
    security functions into an AI-powered software platform.

“Intelligent automation and consolidation of application security
functions are definitely two critical requirements we’re seeing
regularly with our hyper-connected customers,” said Franklyn Jones, CMO
of Cequence Security. “They rely on web, mobile, and API-based
applications to link customers, partners, and suppliers across their
digital ecosystem. And they need an intelligent, integrated application
security solution that can protect them against a broad range of
sophisticated attacks.”

Cequence protects its customers against automated attacks, malicious
bots, and application vulnerability exploits with its Application
Security Platform (ASP), a container-based software solution that can be
deployed on premises or in the cloud. The intelligence of the platform
resides with CQAI, a patented machine learning analytics engine that
automatically discovers applications deployed across the organization,
detects attacks targeting those applications, and defends against the
attacks using a variety of automated mitigation techniques.

The State of Web Application Firewalls report was completed in April
2019. Participating organizations span 16 vertical markets and the
majority have offices globally; 100% of respondents are responsible for
WAF deployments in their organization. To access the complete report,
please click here.

About Cequence Security

Cequence Security is a venture-backed cybersecurity software company
founded in 2015 and based in Sunnyvale, CA. Its mission is to transform
application security by consolidating multiple innovative security
functions within an open, AI-powered software platform that protects
customers web, mobile, and API-based applications – and supports today’s
cloud-native, container-based application architectures. The company is
led by industry veterans that previously held leadership positions at
Palo Alto Networks and Symantec. Customers include F500 organizations
across multiple vertical markets, and the solution has earned multiple
industry accolades. Learn more at