In recent years, there have been several high-profile incidents of cyberattacks on Web applications and API solutions, which have highlighted the need for increased security measures. As the rate of global cyberattacks has risen by 38% in 2022, many businesses and organizations are in need to take action and mitigate these risks to protect their assets from cyber threats.
GigaOm Radar for Application and API Security (AAS) report offers an in-depth overview of vendors in the application and API security space, rating different solutions based on how and where they protect applications, providing IT decision-makers with the information needed to select the best fit for their business and use case requirements.
The report evaluates and rates vendors based on a set of key criteria, including security capabilities, ease of use, and overall value. The report covers a range of topics, including web application firewalls (WAFs), runtime application self-protection (RASP), API security gateways, and vulnerability scanning and testing tools. It also provides an overview of the application and API security landscape, including market trends and vendor profiles, evaluating the strengths and weaknesses of specific security products and services, and providing insights into their capabilities and suitability for different use cases.
The 2023 GigaOm Radar report has ranked CloudGuard Appsec/open-appsec as a Leader and a Fast Mover in the Application and API security space.
Some background
CloudGuard Appsec/open-appsec is Check Point’s Web Application & API Security solution that provides precise preemptive prevention against the most sophisticated zero-day and OWASP-Top-10 attacks, without relying on signature updates. Instead, it uses contextual machine learning and AI algorithms to identify and block potential attacks before they can exploit vulnerabilities.
In addition, open-appsec is an open-source solution, available at GitHub, that supports all typical deployment platforms like VMs, Kubernetes, and Docker and integrates with Kong and other web proxies and ingress controllers for K8s.
CloudGuard Appsec/open-appsec reduces the administrative effort as well as the amount of false positives significantly while providing strongest protection even for unknown attacks. As signatures for new attacks by design can only be created after new attacks have been published, a WAF solution that relies solely on signatures will never protect preemptively (in advance) against zero-day attacks. This is especially important as a vulnerability usually exists for a long time within the affected code of a software or a library, before the first public disclosure of a corresponding CVE record describing it.
Recent examples are Log4j, Spring4Shell, and other major attacks, which caused widespread damage to countless organizations. Log4j alone was a critical security flaw that allowed attackers to execute arbitrary code on vulnerable systems, which resulted in massive data breaches, ransomware attacks, and other malicious activities. In recent years, it has affected several organizations, including the likes of Oracle, Microsoft, and Amazon. For example, in December 2021, Cisco announced that several of its products were vulnerable to Log4j attacks. In response, the company issued patches for the affected products and advised customers to apply them immediately to avoid potential exploitation of the vulnerabilities.
CloudGuard AppSec/open-appsec was the only WAF solution able to preemptively block zero-day attacks as such.
GigaOm Radar Analysis
The GigaOm report has mapped out market leaders based on several segments. Many state-of-the-art key players in the field of WAF solutions were analyzed, such as F5, Cloudflare, Imperva, Redware, Netscaler, ThreatX, Barracuda, Check Point’s CloudGuard Appsec/open-appsec, and many others.
The report focused on the following Market segments as key factors that will impact an organization’s choices for Application and API security solutions – SMB, Large enterprise, Service providers, Public sector, and Specialized solutions that are aimed at specific vertical markets. In addition, the report compared the different vendors based on Deployment models, testing the effectiveness of each solution in different deployment options - Public Cloud, SaaS/private cloud, Physical servers, Virtual servers such as VMs, and Containers such as Kubernetes.
The report also conducted Key Criteria and Evaluation Metrics comparisons, which resulted in a forward-looking circle radar chart, that positioned all the vendors in accordance with their products’ technical capabilities and feature sets.
The vendors were divided into 3 groups - each represented with a concentric ring. The products with the highest overall value were ranked as ‘Leaders’ and located at the closest ring to the center, followed by ‘Challengers’ at the middle ring, and ‘New Entrants’ at the external ring. Each vendor was marked with an arrow that indicated the report’s forward-looking assessment, plotting both the current position of each solution on the chart, as well as its projected position over the coming 12 to 18 months. The length of the arrows indicates the expected growth rate of each solution based on their strategy and pace of innovation. The chart was also divided into 4 quarters, balancing 2 axes – ‘Maturity’ vs. ‘Innovation’, and ‘Feature Play’ vs. ‘Platform Play’.
CloudGuard Appsec/open-appsec was ranked as a Leader and positioned in the closest ring to the center and was evaluated also as a Fast Mover, projected to grow fast in the coming 12 to 18 months and deepen its location towards the center even more. According to the report “the closer to center a solution sits, the better its execution and value, with top performers occupying the inner Leader circle”. In addition, CloudGuard Appsec/open-appsec was recognized as a leader in the quarter of ‘Innovation’ and ‘Feature Play’ indicating its cutting-edge functionality.
The report indicated that CloudGuard Appsec/open-appsec’s greatest strength lies in its expansive cloud security offering that merges existing security tooling with newer, innovative AI/ML functionality. According to the report, with CloudGuard Appsec/open-appsec’s various options of architecture, users will likely to find an architecture and price point that will suit their organization’s needs.
GigaOm analyst Don Vittie states:
“Check Point’s willingness to embrace the future without abandoning the past is its greatest strength. Organizations with experience in traditional security tooling will find it available in the Check Point solution, alongside modern AI-powered solutions to reduce workload. We also like the comprehensive simplicity of the solution, where one of three services – opensource, local, or as a service – will meet most customer’s needs regardless of architecture”.
The report points out that Check Point has also made sure not to abandon traditional security tooling. For example, CloudGuard Appsec/open-appsec still includes tools like Snort, which means that security professionals can easily move over to the solution “without having to relearn their jobs from scratch”. As stated, “Check Point has moved fully into the world of modern security monitoring, so users have access to tool sets for both today and tomorrow.”
Final Takeaways
open-appsec/CloudGuard AppSec is a fully automated web application and API security solution powered by ML. In this article, you learned how open-appsec works and how to implement it for your use case. The importance of security on the internet can never be overemphasized. With open-appsec, you can stay one step ahead of malicious players that wish to disrupt your applications with new threats. open-appsec helps you achieve this using preemptive threat prevention, ML-based bot activity prevention, ML-based attack indicator detection, schema validation, and traditional signature-based protection (IPS with Snort support).
The unique machine learning is based on two models (off-line/supervised and on-line/unsupervised) sets it apart from other WAF solutions, enabling it to offer first-class security with minimal configuration or maintenance, but most importantly it can block zero-day attacks with default product settings and no software updates required. This was proven in multiple real-world cases in the last 18 months.
GigaOm Radar’s take was indeed welcoming for AI and ML capabilities:
“We are seeing an ever-increasing reliance on AI and ML for AAS, and for all security-oriented markets. There are too few security professionals and an ever-growing portfolio of applications that must be protected on an ever-growing number of platforms. AI and ML capabilities that improve responsiveness and reduce staffing required to secure applications properly will be welcomed. Put another way, the future involves more AI and less human intervention, so any of the products in this analysis moving forward rapidly with AI capabilities are good candidates for shortlisting”.
For a deeper dive into the report’s analysis, obtain the GigaOm Radar Report.
To learn more about CloudGuard Appsec/open-appsec’s ML, download the White Paper Preemptive Web Application Protection using Contextual Machine Learning.
You can experiment hands-on with open-appsec in live Playgrounds here.
Video Tutorials are available here.
