Bonitasoft announced that the Bonita platform is now available with advanced low-code features that permit better collaboration between citizen developers and professional developers.
Only 40% of organizations are satisfied with their WAF, according to a new Ponemon Institute report – The State of Web Application Firewalls.
"The research clearly reveals WAF dissatisfaction in three areas," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "First, organizations are frustrated that so many attacks are bypassing their WAFs and compromising business-critical applications. In addition, they're experiencing the pain of continuous, time-consuming WAF configuration and administration tasks. Lastly, they're dealing with significant annual costs associated with WAF ownership and staffing."
The underlying data from the research provided more insight into each of these three areas:
■ Security – While 66% of respondent organizations consider the WAF a critically important security tool, 43% use their WAFs only to generate alerts (not to block attacks). Perhaps not surprisingly, 86% experienced application-layer attacks that bypassed their WAF in the last 12 months.
■ Administration – Managing legacy WAF deployments is complex and time-consuming, requiring an average of 2.5 security administrators who spend 45 hours per week processing WAF alerts, plus an additional 16 hours per week writing new rules to enhance WAF security.
■ Cost – The CapEx and OpEx costs associated with WAF purchase and ongoing management are significant. In total, organizations spend an average of $620K annually. This includes $420K for WAF products, plus an additional $200K annually for the skilled staffing required to manage the WAF.
Despite their current frustrations, WAF users also indicated which specific improvements should be made to their WAF to improve overall effectiveness and satisfaction. Two important requirements emerged.
■ 72% of respondents would like to see more intelligence and automation integrated into their WAF.
■ 74% would like to see WAF functions integrated with other application security functions into an AI-powered software platform.
Intelligent automation and consolidation of application security functions are definitely two critical requirements we're seeing regularly with our hyper-connected customers, who rely on web, mobile and API-based applications to link customers, partners, and suppliers across their digital ecosystem. And they need an intelligent, integrated application security solution that can protect them against a broad range of sophisticated attacks.
Methodology: The State of Web Application Firewalls report was completed in April 2019. The report is based on data gathered from 595 organizations across the US. On average, they have each deployed 158 web, mobile, and API-based applications, on premises and in the cloud. Participating organizations span 16 vertical markets and the majority have offices globally; 100% of respondents are responsible for WAF deployments in their organization.
Industry News
Solo.io announced WebAssembly Hub, a service for building, sharing, discovering and deploying WebAssembly (Wasm) extensions for Envoy Proxy-based service meshes.
Datawire unveiled the new Ambassador Edge Stack 1.0, an integrated edge solution that empowers developer teams to rapidly configure the edge services required to build, deliver and scale their applications running in Kubernetes.
Compuware has signed a definitive agreement to acquire the assets of INNOVATION Data Processing, a provider of enterprise data protection, business continuance and storage resource management solutions serving the mainframe market.
Dynatrace announced its Autonomous Cloud Enablement (ACE) Practice to accelerate DevOps’ movement to autonomous cloud operations.
NS1 announced the expansion of its suite of integrations to include Kubernetes, Consul, Avi Networks (VMware NSX), NGINX, and HAProxy.
CloudBees announced an extension of its partnership with Google. As a Google Cloud Run launch partner, CloudBees will offer developers more flexibility in their deployment of containerized applications.
EPAM Systems has expanded its crowdtesting software solutions to enable user story testing.
Parasoft announced the newest release of Parasoft C/C++test, the unified C and C++ development testing solution for enterprise and embedded applications.
Datadog announced Security Monitoring, a new product that enables real-time threat detection across the entire stack and deeper collaboration between security, developers, and operations teams.
Pulumi announced the availability of Pulumi Crosswalk for Kubernetes, an open source collection of frameworks, tools and user guides that help developers and operators work better together delivering production workloads using Kubernetes.
CloudBees announced a Preview Program for CloudBees CI/CD powered by Jenkins X, a Software as a Service (SaaS) continuous integration and continuous delivery solution running on Google Cloud Platform.
Rancher Labs announced the general availability of K3s, their lightweight, certified Kubernetes distribution purpose-built for small-footprint workloads, along with the beta release of Rio, their new application deployment engine for Kubernetes that delivers a fully integrated deployment experience from operations to pipeline.
WhiteSource announced a new integration with Codefresh, the Kubernetes-native CI/CD solution.