We talk frequently about the importance of having the right people and processes to make security effective. This is definitely true for Web Application Firewalls (WAF), a fairly mature technology which has been fighting perception issues for years. This quote from the paper nets it out:

Our research shows that WAF failures result far more often from operational failure than from fundamental product flaws. Make no mistake — WAF is not a silver bullet — but a correctly deployed WAF makes it much harder to successfully attack an application, and for attackers to avoid detection. The effectiveness of WAF is directly related to the quality of people and processes maintaining them. The most serious problems with WAF are with management and operational processes, rather than the technology.

Our Maximizing WAF Value paper discusses the continuing need for Web Application Firewall technologies, and address the ongoing struggles to run WAF. We also focus on decreasing time to value for WAF, with updated recommendations for standing up a WAF for the first time, what it takes to get a basic set of policies up and running, and new capabilities and challenges facing customers.

Maximizing WAF ToC

We would like to thank Akamai for licensing the content in this paper. As always, we performed the research using our Totally Transparent Research methodology.

You can download the paper (PDF).