There is a great deal to consider when evaluating application security providers. Understanding your goals will help. If your goal is vendor consolidation, then selecting those that offer multiple security capabilities over single products may make more sense. And if your goal is out-of-the-box functionality, then understanding the amount of manual intervention required for each product is important. Does security efficacy matter more than meeting compliance requirements? Are you concerned about the provider’s security expertise and reputation? Or are you looking for protection from a specific threat?
Understanding your objectives is important when evaluating security solutions. Here are two questions for you to ask when considering any application security providers.
How many types of web attacks do you detect and mitigate?
Does a Web Application Firewall (WAF) protect from all attacks on a website? Is that all I need to start to meet compliance requirements?
The answer is no. The WAF is a foundational security product that helps protect from OWASP Top 10 attacks. But there are many more attacks that the WAF was not built to protect. Preventing DDoS attacks, API attacks, bot attacks, and client-side attacks all require different solutions. Nonetheless, it’s true that a WAF helps businesses meet compliance requirements.
Imperva Cloud Security Application platform includes a WAF and helps meet many compliance requirements, but also includes so much more, including API Security, Bot Protection, Client-side Protection, DDoS Protection, and DNS Protection.
There are many more questions you could ask when considering application security providers, of course. For a comprehensive list of questions and answers, download a copy of 14 Questions to Ask Your Application Security Vendor.