Gartner Ranks Radware #1 for API & High Security Use Cases in 2020 Critical Capabilities Report

This post is also available in: Japanese

We are proud and honored to be scored highest in two out of four Use Cases (3.57/5 for API and 3.66/5 for High Security Use Cases) in the latest 2020 Critical Capabilities for Application & API Protection report*, and we believe we are the only vendor to be scored highest in 2 out of 4 use cases.

This report follows the release of the 2020 Gartner Magic Quadrant for Web Application Firewalls wherein Radware has been placed higher and further on the ability to execute and completeness of vision axes with respect to its positioning in the 2019 report.

It is also worth noting that Kuppinger Cole recently published a piece evaluating Radware’s latest Kubernetes WAF, designed to protect containerized applications running as microservices.

Positive psychology argues that we should pause and embrace the good when it happens. It’s also good to understand the factors that contributed to a successful outcome in order to leverage them in the future.

So in this blog, we won’t be showing off (well maybe a little – after all, not a bad month for our WAAP technology!), but will rather analyze the reasons behind these endorsements.

Analyst Observations & Recommendations

Per our understanding of the report, Gartner talks about the extension of application protection from core WAF capabilities to a comprehensive set of solutions each addressing a different type of threat. Obviously, this comes as a result of the evolution of the threat landscape, with the emergence of more sophisticated tools– such as human-like bots, for instance – as well as new vulnerabilities (APIs, for example).

This is a twofold complexity – first, of getting a grip of the additional tools that are required and making the most of them, and second, managing the security so it’s maximal and consistent across a distributed information network across premises, private and public clouds. The challenge is even greater due to the velocity of application development and delivery environments today which require protection to be dynamic.

For these reasons, we believe Gartner suggests enterprises adopt a cloud-first strategy, and lay the burden of application security management on the different vendors, who are the experts. In addition, it recommends ensuring a complete coverage of the WAAP threat landscape, noting that enterprises today are looking for the “fantastic four” core capabilities – WAF, DDoS protection, bot management and API protection.

Per Gartner, enterprises should focus on a complete coverage – there are several consolidated offerings out there – rather than on compliance. A possible reason may be that these rules are normally written to address the threat landscape as it was at least 2-3 years prior.

Sharp-eyed professionals have noticed that this year’s report name has changed from Cloud WAF to Cloud WAAP. The reason is the growing importance (and risk) of broad reliance on APIs as the primary form of data exchange between applications, interconnected systems, and backend infrastructure. These APIs are not always under full control. Quite the opposite – they are a major blind spot.

These APIs – whether standard (OpenAPIs) or undocumented – need to be discovered and classified in a catalog, provide authentication and robust protection. Some big names already made headlines due to neglecting API security that ended up with data breaches. APIs are subject to embedded attacks, access violations, denial of service and automated threats.

Radware Technology & Vision

Breadth and depth. Radware focuses on security and excels in it. We believe our strength is robust and effective Web Application and API protection. Our technology combines positive and negative security models, introduces advanced machine learning of HTTP traffic and API calls that substantially reduce labor and TCO, offers fully integrated Bot Management technology as well as DefenseMessaging, a unique signaling and synchronization mechanism between our WAF and DDoS mitigation solutions.

But don’t just take our word for it. Per a recent Gartner Peer Insight review, “Radware WAF solutions are adaptable, scalable and support a hybrid architecture as well…and offer a complete protection against any security issues. The support for top 10 OWASP and 0-day attack protection are particular highlights of the product.”

Continuous innovation. We pride ourselves on our forward-looking acumen. Being ahead of the curve allows us to understand the changing requirements and partner with customers and prospects to design the solutions of tomorrow.

Our Kubernetes WAF, designed to protect containerized applications running as microservices, providing observability to both DevOps & security staff, as well as Alteon Cloud Control for application delivery and security services deployed across various environments are good examples of Radware’s innovation. This leads us to…

Use cases. On one hand, most enterprises are not “cloud-native”. On the other, most new projects leverage contemporary technologies, architectures, and practices. Therefore, many enterprises have a hybrid mix of application development and delivery environments, including premises and cloud-hosted.

It is imperative that each requires some adjustments, posing a challenge to keep web app security unified and consistent across the board. We believe Radware provides the same strong security technology in all form factors – physical or virtual appliance (also integrated with ADC), software plug-ins, Kubernetes sidecar and a fully managed cloud service with a single portal.

*Gartner, Critical Capabilities for Cloud Web Application and API Protection, Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts, 10 November 2020

Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts, 19 October 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

These graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request.

Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Watch the Cloud WAF Application Analytics webinar to learn more.

Watch Now

Ben Zilberman

Ben Zilberman is a director of product-marketing, covering application security at Radware. In this role, Ben specializes in web application and API protection, as well as bot management solutions. In parallel, Ben drives some of Radware’s thought leadership and research programs. Ben has over 10 years of diverse experience in the industry, leading marketing programs for network and application security solutions, including firewalls, threat prevention, web security and DDoS protection technologies. Prior to joining Radware, Ben served as a trusted advisor at Check Point Software Technologies, where he led channel partnerships and sales operations. Ben holds a BA in Economics and a MBA from Tel Aviv University.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center