SecureIQLab Cloud Web Application Firewall (WAF) CyberRisk Validation

Test Lab

SecureIQLab

Test Title

SecureIQLab Cloud Web Application Firewall (WAF) CyberRisk Validation

AMTSO Test ID

AMTSO-LS1-TP039

Platform

Gateway/Firewall

Vendor

AWS, Barracuda, Cloudflare, F5, Fortinet, Imperva, Prophaze, Sitelock, Stackpath

Publication date

2021-12-14

Statement from Test Lab

Attackers have moved up the stack. They are no longer simply attacking the web server and its underlying operating systems; they are attacking the web applications running on the web server that are front-ending critical corporate data. Such applications are often incredibly complex and difficult to secure effectively, and simple coding errors can render them wide open to remote exploits. To help organizations regain the upper hand against current attacks, SecureIQLab has undertaken the validation of popular web application firewalls in an effort to help enterprises understand the return on security investment for WAF solutions and evolve their network defenses to prevent web servers and their applications from being exploited.

Tested products

VendorProductVendor status
AWSAWS WAFincluded
BarracudaBarracuda CloudGen WAF for AWS - PAYGincluded
CloudflareCloudflare WAFincluded
FortinetFortinet FortiWeb WAF - AWSparticipant
F5F5 Advanced WAF with LTM, IPI, and Threat Campaignsincluded
ImpervaImperva Incapsula: FlexProtect pro for Application Securityincluded
ProphazeProphaze Cloud WAFincluded
SitelockSitelock TrueShield Enterprise WAFincluded
StackpathStackpath WAFparticipant

AMTSO Standard compliance info

Notification issued

2021-06-02

Notification method

Publicly posted test plan, Contact list notification

Test plan

Commencement date

2021-06-15

Participants

2
These Vendors chose to adopt Participant status under the AMTSO Standard, gaining certain guaranteed rights in return for attestations.

“Included” Vendors

7

These Vendors did not chose to adopt Participant status under the AMTSO Standard, but may have engaged with the test lab in other ways.

Commentary dates
CommentaryStart dateEnd date
Phase 1 Commentary2021-06-152021-06-23
Phase 2 Commentary2021-10-072021-10-22

AMTSO Standard compliance status

Confirmed compliant with AMTSO Standard v1.3Compliance report