2016 Global

Web App Firewall (WAF)

Customer Value Leadership Award

2016 2016
GLOBAL
WEB APP FIREWALL (WAF)
CUSTOMER VALUE LEADERSHIP AWARD
 BEST PRACTICES RESEARCH

Contents
Industry Challenges .............................................................................................. 2

Customer Impact and Business Impact ................................................................... 3

Conclusion........................................................................................................... 5

Significance of Customer Value Leadership .................................................................... 6

Understanding Customer Value Leadership .................................................................... 6

Key Benchmarking Criteria .................................................................................... 7

Best Practice Award Analysis for Akamai ....................................................................... 7

Decision Support Scorecard ................................................................................... 7

Customer Impact ................................................................................................. 8

Business Impact................................................................................................... 8

Decision Support Matrix ........................................................................................ 9

Research Methodology ........................................................................................ 10

About Frost & Sullivan .............................................................................................. 12

© Frost & Sullivan 2016 1 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Background and Company Performance

Industry Challenges

Web applications are the lifeblood of online communications—Web applications provide the
means for businesses to interact with customers and partners. Businesses use Web
applications to enable interactive functionality on their websites, which can include
anything from registration to shopping carts, customer service, and account log-in. Many
businesses now exist that solely operate online.

Accordingly, the Web application firewall (WAF) is an essential security technology in

today’s IT networking environment. WAF monitors Web sessions, detecting and alerting or
blocking unwanted actions, illicit access, fraudulent transactions, or other efforts to
compromise the integrity of Web applications.

Although the Web application itself may not offer significant value to threat actors, these
applications are often linked to valuable back-end databases or can provide a foothold for
an intruder in the network, bypassing perimeter defenses such as next generation
firewalls (NGFWs) or intrusion prevention systems (IPS).

Yet despite the importance of a WAF solution, many organizations place a lesser priority
on deploying and updating a WAF. A Web application alone is a low value target which can
cause customers to overlook the potential damages that can be achieved through a
compromised Web application. Essentially, underestimating the risk introduced by
unprotected Web applications may provide customers a false sense of security.

Furthermore, WAF has a history as an imperfect and complex security tool that requires a
significant effort to deploy, tune, and maintain. In the past, such complexity has proven to
be a factor that contributes to the hesitation to deploy WAF solutions.

Customers have also had historical concerns about WAF accuracy. WAFs that trigger too
many false alarms, called false positives, are a burden on the time and resources of the IT
staff. Most importantly, false positives may impact the user experience, which is the top
priority in certain industries such as gaming, entertainment, and retail. WAFs that waste
time or block customers are often bypassed or shelved completely.

Despite these challenges, the importance of securing Web applications is gaining

prominence as threat actors have proven to be resourceful and resilient in their efforts to
steal data and penetrate network defenses. As a result, the WAF market grew at a high
rate of 23.5% in 2015 as documented by Frost & Sullivan research. 1 While the market is
growing rapidly, market consolidation is inevitable as only room for a handful of WAF

1
Web Application Firewall (WAF) Global Market Analysis: New Technologies and Threats
Collide to Create Expanded Opportunities, Frost & Sullivan, February 2016, available here.

© Frost & Sullivan 2016 2 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

vendors exists. Vendors that deliver a high level of customer value in their solutions can
gain in market share and prominence in the WAF market.

Customer Impact and Business Impact

Akamai is a “powerhouse” in the WAF market. Akamai’s approach to WAF leverages the
scale of its massive content delivery network (CDN) infrastructure while combining with
unique and proprietary Web security technologies. The resulting combination, called Kona
Site Defender, delivers a level of value worth noting. Though Akamai Kona Site Defender
is competitive in the “price-performance” category, the solution also excels in
performance, enhancing value, customer service excellence, and growth potential.

WAF Performance

Akamai Kona Site Defender solution provides WAF protections against Open Web
Application Security Project (OWASP) Top 10 Threats including SQL injection, cross-site
scripting (XSS), and cross-site request forgery, as well as more advanced threats such as
malicious bots, Trojan backdoors, content leakage, and application layer DDoS attacks.
Kona Site Defender is also capable of inspecting HTTPS traffic to find threats that use
encryption to bypass network defenses, using proprietary methods that do not require
customers to share sensitive SSL private keys.

Akamai Cloud Security Services are enabled by the Akamai Intelligent Platform which
consists of a distributed network of servers and software around the world processing over
two trillion transactions each day. Currently, the platform includes over 200,000 servers in
over 1,400 networks globally. As a result, Akamai has one of the largest global footprints
for collecting and analyzing Web traffic and threat data.

Within this platform, Akamai Cloud Security Intelligence (CSI) is the data processing
engine that analyzes up to 10 billion Web security events and two Petabytes (PB) of data
each day. As a frame of reference two Petabytes is equivalent to 40 million four drawer
filing cabinets filled with text. Based on the intelligence provided through the CSI engine,
the Akamai threat research team continuously updates the Kona Site Defender WAF rule
set to ensure high accuracy of threat detection. As a result, Akamai is able to provide low
false positive rates and low false negative rates, thereby ensuring that Kona Site Defender
provides reliable detection rates without wasting customers’ time and resources on false
alarms.

Enhancing Value

Kona Site Defender includes WAF functionality as well as DDoS mitigation capabilities. In
combination with the Akamai CDN service, Kona Site Defender can additionally accelerate
and optimize Web traffic. Essentially, the service provides a value “triple-threat”: it
improves application performance, protects against data breaches, and ensures

© Frost & Sullivan 2016 3 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

availability.

The solution includes additional layers of defense such as Site Shield and can be combined
with related Akamai security services such as Client Reputation or Bot Manager to provide
further protection and business benefits. For example, Bot Manager is a unique solution
that helps businesses to apply appropriate controls for the wide range of bots that impact
the business. Desirable bots can be optimized and prioritized, malicious bots can be
discovered and mitigated, and different actions such as redirect, slow, or serve alternate
content, can be applied to bots that fall into more of a “grey” area. The result is that
businesses using Bot Manager can gain more Web presence and better communicate with
customers and partners while further mitigating risk.

Customer Service Experience

Customers also have the option to subscribe to Akamai Kona Site Defender Managed
Service to enlist the assistance of Akamai’s security experts and 24x7 global Security
Operations Center in maintenance, updating, reporting, and monitoring.

The assistance provided by managed security services is invaluable. In general, a

managed service represents tremendous value to customers in numerous ways: no
existing expertise is required, no new training is required, and the customer doesn’t have
to hire any new resources to handle the additional work, either for deployment or
maintenance.

Price Performance

Akamai Kona Site Defender is a cloud service that does not require customers to deploy
new hardware or software. Customers simply point their traffic to Akamai. This low-touch
model is a tremendous value, as traditional appliance-based WAFs were often considered
hard-to-deploy, time consuming, and disruptive.

Many customers find they can reduce their overall total cost of ownership (TCO) for WAF
by purchasing Kona Site Defender, while at the same time achieving 100% availability and
unlimited capacity to handle future high-volume attacks. The savings come from the
elimination of capital expenses on on-premises hardware appliances and the associated
annual maintenance fees and depreciation for such security controls. Operational
efficiencies then improve the TCO by enabling customers to deploy the controls in far
faster intervals, and update those controls as needed, thus realizing the business benefits
sooner than an on-premises appliance-based approach.

Growth Potential

Akamai provides a high level of value by delivering leading WAF performance, simplified
deployment and management, integrated DDoS protection and Web acceleration, and

© Frost & Sullivan 2016 4 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

excellent services. As a result, Akamai Kona Site Defender has been popular with a range
of customers, from large enterprise organizations to small businesses and online
businesses. Akamai has emerged as one of the largest vendors in the “services” segment
of the WAF market.

Akamai has reported strong growth rates for its Cloud Security Services in 2015, and Kona
Site Defender remains an important strategic growth vector for Akamai.

Conclusion

Akamai has delivered a high performance, easy to implement and simple to maintain
solution to the WAF market, leveraging its massive content delivery network (CDN)
infrastructure and combining with unique and proprietary Web security technologies.
Akamai’s robust WAF solutions are delivered as a service, eliminating the need for large
upfront capital expenditures and highly specialized security professionals for maintenance.
Additionally, the services provide compelling value, being affordable for organizations of
all sizes from enterprise to small business. As a result, Akamai has earned Frost &
Sullivan’s 2016 Customer Value Leadership Award for the Web Application Firewall market.

© Frost & Sullivan 2016 5 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Significance of Customer Value Leadership

Ultimately, growth in any organization depends upon customers purchasing from your
company, and then making the decision to return time and again. Delighting customers is
therefore the cornerstone of any successful growth strategy. To achieve these dual goals
(growth and customer delight), an organization must be best-in-class in three key areas:
understanding demand, nurturing the brand, and differentiating from the competition.

Understanding Customer Value Leadership

Customer Value Leadership is defined and measured by two macro-level categories:
customer impact and business impact. These two sides work together to make customers
feel valued, and confident in their products’ quality and long shelf life. This dual
satisfaction translates into repeat purchases and a high lifetime customer value.

© Frost & Sullivan 2016 6 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Key Benchmarking Criteria

For the Customer Value Leadership Award, Frost & Sullivan analysts independently
evaluated two key factors—Customer Impact and Business Impact—according to the
criteria identified below.

Customer Impact
Criterion 1: Price/Performance Value
Criterion 2: Customer Purchase Experience
Criterion 3: Customer Ownership Experience
Criterion 4: Customer Service Experience
Criterion 5: Brand Equity

Business Impact
Criterion 1: Financial Performance
Criterion 2: Customer Acquisition
Criterion 3: Operational Efficiency
Criterion 4: Growth Potential
Criterion 5: Human Capital

Best Practice Award Analysis for Akamai

Decision Support Scorecard
To support its evaluation of best practices across multiple business performance
categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool
allows our research and consulting teams to objectively analyze performance, according to
the key benchmarking criteria listed in the previous section, and to assign ratings on that
basis. The tool follows a 10-point scale that allows for nuances in performance evaluation;
ratings guidelines are illustrated below.
RATINGS GUIDELINES

The Decision Support Scorecard is organized by Customer Impact and Business Impact
(i.e., the overarching categories for all 10 benchmarking criteria; the definitions for each
criteria are provided beneath the scorecard). The research team confirms the veracity of
this weighted scorecard through sensitivity analysis, which confirms that small changes to
the ratings for a specific criterion do not lead to a significant change in the overall relative
rankings of the companies.

© Frost & Sullivan 2016 7 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

The results of this analysis are shown below. To remain unbiased and to protect the
interests of all organizations reviewed, we have chosen to refer to the other key players
as Competitor 2 and Competitor 3.
DECISION SUPPORT SCORECARD FOR CUSTOMER VALUE LEADERSHIP AWARD

Measurement of 1–10 (1 = poor; 10 = excellent)

Customer Business Average

Customer Value Leadership Impact Impact Rating

AKAMAI 9.5 10 9.75

Competitor 2 8.5 8.5 8.5

Competitor 3 7 7.5 7.25

Customer Impact
Criterion 1: Price/Performance Value
Requirement: Products or services offer the best value for the price, compared to similar
offerings in the market

Criterion 2: Customer Purchase Experience

Requirement: Customers feel like they are buying the most optimal solution that
addresses both their unique needs and their unique constraints

Criterion 3: Customer Ownership Experience

Requirement: Customers are proud to own the company’s product or service, and have a
positive experience throughout the life of the product or service

Criterion 4: Customer Service Experience

Requirement: Customer service is accessible, fast, stress-free, and of high quality

Criterion 5: Brand Equity

Requirement: Customers have a positive view of the brand and exhibit high brand loyalty

Business Impact
Criterion 1: Financial Performance
Requirement: Strong overall financial performance in terms of revenues, revenue growth,
operating margin and other key financial metrics

Criterion 2: Customer Acquisition

Requirement: Customer facing processes support the efficient and consistent acquisition of
new customers, even as it enhances retention of current customers

Criterion 3: Operational Efficiency

Requirement: Staff is able to perform assigned tasks productively, quickly, and to a high
quality standard

© Frost & Sullivan 2016 8 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Criterion 4: Growth Potential

Requirements: Customer focus strengthens brand, reinforces customer loyalty and
enhances growth potential

Criterion 5: Human Capital

Requirement: Company culture is characterized by a strong commitment to quality and
customers, which in turn enhances employee morale and retention

Decision Support Matrix

Once all companies have been evaluated according to the Decision Support Scorecard,
analysts can then position the candidates on the matrix shown below, enabling them to
visualize which companies are truly breakthrough and which ones are not yet operating at
best-in-class levels.
DECISION SUPPORT MATRIX FOR CUSTOMER VALUE LEADERSHIP AWARD

High

Award
Recipient

Competitor 2
Business Impact

Competitor 3

Low

Low Customer Impact High

© Frost & Sullivan 2016 9 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

The Intersection between 360-Degree Research and Best

Practices Awards
Research Methodology
Frost & Sullivan’s 360-degree research
360-DEGREE RESEARCH: SEEING ORDER IN
methodology represents the analytical rigor of THE CHAOS
our research process. It offers a 360-degree-
view of industry challenges, trends, and issues
by integrating all 7 of Frost & Sullivan's
research methodologies. Too often, companies
make important growth decisions based on a
narrow understanding of their environment,
leading to errors of both omission and
commission. Successful growth strategies are
founded on a thorough understanding of
market, technical, economic, financial,
customer, best practices, and demographic
analyses. The integration of these research
disciplines into the 360-degree research
methodology provides an evaluation platform
for benchmarking industry players and for
identifying those performing at best-in-class
levels.

© Frost & Sullivan 2016 10 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

Best Practices Recognition: 10 Steps to Researching,

Identifying, and Recognizing Best Practices
Frost & Sullivan Awards follow a 10-step process to evaluate award candidates and assess
their fit with select best practice criteria. The reputation and integrity of the Awards are
based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

Monitor, Identify award recipient • Conduct in-depth industry Pipeline of candidates who
1 target, and candidates from around the research potentially meet all best-
screen globe • Identify emerging sectors practice criteria
• Scan multiple geographies

Perform comprehensive, • Interview thought leaders Matrix positioning all

Perform 360-degree research on all and industry practitioners candidates’ performance
2 360-degree candidates in the pipeline • Assess candidates’ fit with relative to one another
research best-practice criteria
• Rank all candidates

Invite Perform in-depth • Confirm best-practice criteria Detailed profiles of all

thought examination of all candidates • Examine eligibility of all ranked candidates
3 leadership in candidates
best • Identify any information gaps
practices

Initiate Conduct an unbiased • Brainstorm ranking options Final prioritization of all

research evaluation of all candidate • Invite multiple perspectives eligible candidates and
4 director profiles on candidates’ performance companion best-practice
review • Update candidate profiles positioning paper

Assemble Present findings to an expert • Share findings Refined list of prioritized

panel of panel of industry thought • Strengthen cases for award candidates
5 industry leaders candidate eligibility
experts • Prioritize candidates

Conduct Build consensus on award • Hold global team meeting to Final list of eligible award
global candidates’ eligibility review all candidates candidates, representing
6 industry • Pressure-test fit with criteria success stories worldwide
review • Confirm inclusion of all
eligible candidates

Develop official award • Perform final performance High-quality, accurate, and

Perform consideration materials benchmarking activities creative presentation of
7 • Write nominations nominees’ successes
quality check
• Perform quality review

Reconnect Finalize the selection of the • Review analysis with panel Decision on which company
with panel of best-practice award recipient • Build consensus performs best against all
8 industry • Select winner best-practice criteria
experts

Inform award recipient of • Present award to the CEO Announcement of award

Communicate award recognition • Inspire the organization for and plan for how recipient
9 recognition continued success can use the award to
• Celebrate the recipient’s enhance the brand
performance

Upon licensing, company • Coordinate media outreach Widespread awareness of

Take
may share award news with • Design a marketing plan recipient’s award status
10 strategic
stakeholders and customers • Assess award’s role in future among investors, media
action
strategic planning personnel, and employees

© Frost & Sullivan 2016 11 “We Accelerate Growth”

 BEST PRACTICES RESEARCH

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth
and achieve best in class positions in growth, innovation and leadership. The company's
Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined
research and best practice models to drive the generation, evaluation and implementation
of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in
partnering with Global 1000 companies, emerging businesses and the investment
community from 31 offices on six continents. To join our Growth Partnership, please visit
http://www.frost.com.

© Frost & Sullivan 2016 12 “We Accelerate Growth”