Web Application Firewalls – More Vulnerable Than You Think

With application-layer attacks rising, security professionals are increasingly worried about the ability of their WAF to defend against rising threats.

As organizations adapt their security strategies to cope with the increase in malicious web activity, a new study by the Neustar International Security Council finds that many organizations are concerned about hackers’ ability to bypass their WAF.

5
%
of executives have said it’s not applicable
3
%
of executives have found it very difficult to alter their WAF policies
15
%
of executives said it’s very easy to alter their WAF policies
26
%
of executives said it’s moderately difficult to alter their WAF policies
51
%
of executives said it’s moderately easy to alter their WAF policies
30
%

of respondents said their organization experienced network security disruptions in the shift to remote work.

36
%
of executives said less than 10% of attacks bypassed their WAF
17
%
of executives said 51-75% of attacks bypassed their WAF
16
%
of executives said 10-25% of attacks bypassed their WAF
12
%
of executives said 76-90% of attacks bypassed their WAF
10
%
of executives said 91-100% of attacks bypassed their WAF
40
%

of executives said that 50% or more attacks have bypassed their WAF in the last 12 months

30
%

of executives say that 50% of network requests have been labelled as false positive by their WAF in the last 12 months

4
%
of executives said that that 91-100 percent of attacks have been labeled as false positives by their WAF
9
%
of executives said that 76-90% of attacks have been labeled as false positives by their WAF
17
%
of executives said that 51-75% of attacks have been labeled as false positives by their WAF
17
%
of executives said 26-50% of attacks have been labeled as false positives by their WAF
21
%
of executives said 10-25% of attacks have been labeled as false positives by their WAF
32
%
of executives said less than 10% of attacks have been labeled as false positives by their WAF
6
%
are not sure
55
%
of executives said their WAF is fully integrated with other security functions
35
%
of executives said their WAF is only integrated with some functions
4
%
of executives said that their WAF is not integrated with any other functions
over
40
%

do not have a WAF that is fully integrated into other security functions