Confusion among end-users and the channel about the differences of Web application firewalls (WAF) has opened up an untapped sector in the security market for integrators, according to Check Point country manager, Scott McKinnel.
It has led to a 20-page evaluation criteria being published to educate the market and end-users on Web application firewalls.
Titled, the Web Application Firewall Evaluation Criteria and released by the Web Application Security Consortium, the document provides advice on making choices among the many devices that fall into the security connectivity sector. It can be viewed at http://www.webappsec.org/projects/wafec/.
McKinnel said a lack of education, resources and time were the major contributor for confusion and low demand in the market. However, he said it was an area that was being self regulated by organisations that required the technology.
"People who have the requirement and needs for WAF are usually pretty clued into the technology," McKinnel said.
WhiteGold Solutions managing director, Dominic Whitehand, attributed the confusion to end-users and the channel.
He said they were unsure which WAF to recommend because of the specificity and variety of solutions available.
"They say that when you only have a hammer then every problem looks like a nail," Whitehand said. "Well, the recent announcement of the Web Application Firewall Evaluation Criteria is really a consortium of hammer vendors aiming to educate the market on the finer points of nail insertion technology."
Both Whitehand and McKinnel recognised the need for integrated solutions that encompass more than just WAF technology.
"Web application firewalls are only one component but not the only component among the broader range of security connectivity safeguards available," said McKinnel
Whitehead said an appliance-based Web application firewall would be a waste of money and rack space for most users.
Within the channel, McKinnel said the WAF space was ideal for integrators to establish themselves.
"It doesn't go beyond a piece of technology so it's perfect for integrators," he said. "Within the security connectivity market there is a high need for it."