A rapidly growing theme for essentially every CISO I’ve been speaking with these days is: how do we get more from our security controls for less spend. Reducing costs is a good thing for any organization at any time: the savings can always go to fund other high-value initiatives. But cost reductions are particularly critical right now given the economic uncertainty organizations are facing vis-a-via COVID-19.
This theme absolutely applies to application protection and high spend on largely ineffective technologies like legacy Web Application Firewalls (WAFs). CISOs know they must have something to secure their critical websites, mobile apps, and APIs but the costs paid for these services have historically not matched the value being delivered.
We experienced this pain ourselves as practitioners before founding Signal Sciences. And that’s why it’s a particular point of pride that while speaking with Signal Sciences customers, they’ve consistently pointed to the various ways we help them reduce costs AND greatly improve their security in WAF, RASP, and API abuse technology. We excel at eliminating the pain and expense of implementation and the ongoing complexity of managing rules that are staples of many other WAFs and RASPs. For example, a 150-person company told me last week they are paying a legacy competitor $30,000 a month just for rules maintenance. That’s a lot to spend on an ongoing basis to just keep the technology running.
This has become so much of a focus of conversations of late that we built a brief paper detailing the cost savings we deliver to customers that you can download here.
In this blog, I’m going to touch on two key cost areas. Some practical advice: when you’re evaluating any technology to protect your production apps and APIs, you owe it to yourself to take a hard look at the following evaluation criteria.
Aside from the security and operational benefits our advanced web defense solution provides, Signal Sciences significantly lowers and even outright eliminates certain costs of legacy WAFs.
Time to value: fast installation in hours vs. weeks or months
You should consider the time and resources required to properly install and maintain the WAF: there are personnel and opportunity cost incurred if you choose a product that is difficult to use and requires dedicated staff to create and maintain regular expression rulesets necessary to run it in full blocking mode.
Signal Sciences next-gen WAF installs fast: our typical installs actually occur in an hour or less. In contrast, the typical legacy WAF requires three to six months for installation, much of that spent on rules tuning or otherwise ensuring that the WAF does not negatively impact apps and APIs in production.
Signal Sciences is a low-touch, high-quality WAF that doesn’t require extra headcount to manage. The real-world implementation process took less than a day and we implemented straight into blocking mode vs. monitoring for weeks or months.
—Head of Information Security at a $1B+ Financial Services Company
Managed services fees for installation and ongoing maintenance
Other WAF vendors require additional, ongoing fees for managed services to cover maintenance, support, basic rule creation, and adjusting false positives. Signal Sciences does not, resulting in a direct savings of one third to one half of the total contract costs.
Legacy WAF products require ongoing labor-intensive rules tuning to eliminate false positives due to their dependence on regular expression pattern matching rules for attack detection. Signal Sciences SmartParse, in contrast, eliminates rules tuning by evaluating the context of web requests and how they would actually execute if they reached the app or API endpoint.
This ability enables our highly accurate detections.
Incredibly fast to implement and powerful to use. We were able to get Signal Sciences up and running in just a few minutes. Unlike traditional WAFs, Signal Sciences has very little overhead in terms of time or effort and returns an exponential impact for securing our organization.
—Sr. Manager of DevOps at $10B+ Manufacturer
This is just one of many statements from satisfied customers that summarizes just a few of our key strengths, but in a much more succinct way. I encourage you to more of our Gartner Peer Insights reviews to see why our customers bestowed upon us for the second year in a row the Gartner Peer Insights Customers’ Choice distinction.
Take the next step to significant cost reduction
Learn more about Signal Sciences with these resources:
- Download this brief paper for more depth on how Signal Sciences reduces total cost of WAF and RASP ownership
- Request a demo to see how your organization can leverage our web protection technology quickly and effectively
*** This is a Security Bloggers Network syndicated blog from Signal Sciences authored by Andrew Peterson. Read the original post at: https://www.signalsciences.com/blog/secure-apps-lower-waf-total-cost-ownership/