Akamai has acquired Guardicore to extend its Zero Trust solutions and help stop ransomware. Read more



Akamai Named a 2021 Gartner Magic Quadrant Leader for Web Application and API Protection

Written by


September 22, 2021

This week, Gartner® released its new 2021 Magic QuadrantTM for Web Application and API Protection (WAAP)1 report, which replaces the Magic Quadrant for Web Application Firewalls (WAF) report, and Akamai has been named a Leader. Akamai was named a Leader in the four previous WAF Magic Quadrants.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akamai Technologies, Inc.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akamai Technologies, Inc.

We believe that the new WAAP Magic Quadrant is the result of Gartner’s renaming the category from WAF to WAAP to more accurately reflect the expanded set of protections that now must be offered by vendors of these products.

The term “WAAP” aligns more closely with how the market has shifted. Customers have come to require, and expect additional protections to address a rapidly growing and evolving threat landscape that more frequently includes Application Programming Interface (API) exposure, the use of automation (bots) to mount attacks, and multi-vector distributed denial-of-service (DDoS) attacks. It also reflects the trend toward consolidation of functionality as organizations seek greater operational and financial efficiency.

We  view our placement in the WAAP Magic Quadrant in two important ways, both through the lens of our customers: (1) it serves as recognition that our solutions are well-positioned to solve both our customers’ evolving security/technical and operational/business challenges; and (2) it serves as an objective market validation of how Akamai differs from and compares with other WAAP solution providers. 

In that light, one key takeaway from the report is that it underscores the increased challenges faced by security teams as they attempt to maintain pace with the inherent complexity of today’s threat landscape. Gartner states that “most security teams are forced to stick to a generic configuration and handle exceptions, ending up with a list of exceptions they can neither track nor understand, and a diminished security posture.”

To address such challenges, we’re confident that Akamai’s Application and API security portfolio has continued to make significant strides forward that bear highlighting in this context. Since the last WAF Magic Quadrant was released in October 2020, Akamai has introduced new products and significant enhancements designed to help our customers intelligently automate application and API security, mitigate online fraud, and reduce the ongoing operational overhead faced by AppSec professionals. Most were detailed recently, as part of our June 2021 Platform Update. To summarize:

  • We announced the new Adaptive Security Engine (ASE) for our WAAP portfolio — a fundamental redesign of our WAAP engine that now offers adaptive threat detections and policy self tuning to intelligently automate protections and simplify management and operational overhead. The introduction of ASE underscores comments in the report related to the need for out of the box intelligent automation, and specifically machine learning, to help organizations scale and more efficiently manage application and API protections. 

  • We added bot visibility and mitigation capabilities as a standard capability within our WAAP offering, providing the ability  to detect and mitigate bot traffic on digital properties. 

  • With the attack surface rapidly expanding to include browser-centric vectors such as malicious scripts, plug-ins and browser extensions, we introduced capabilities in Akamai Page Integrity Manager designed to mitigate client-side attacks such as  affiliate ad fraud and audience hijacking. We also introduced a free tier, making it easier for our customers to experience the ability to detect and mitigate web skimming attacks and identify script vulnerabilities in web pages.

Our Prolexic and Edge DNS products also constitute an important element in our overall approach to WAAP, namely the goal of protecting our customers’ underlying infrastructure from outages caused by DDoS attacks, which have increased markedly, not only in volume and complexity, but in terms of financial costs.

The fact that Gartner has evolved this Magic Quadrant in the manner they have is significant, because we believe  it’s reflective of the increased volume and constantly evolving nature of threats that are being faced by organizations every day. This rapid evolution of internet-borne attacks and attackers, which has naturally followed the increased reliance on, and use of, the internet by both end users and enterprises, has created a perfect storm of security challenges that AppSec teams must deal with on a daily basis. In turn, we continually strive to develop solutions and broad protections to help customers meet those challenges. To that, Akamai’s ongoing recognition as a Leader by Gartner in their Magic Quadrant reports is certainly an honor, but more important to us is that it validates our ability to fulfill our ongoing mission, which is to power and protect our customers’ digital estates.

To read the complete 2021 Gartner Magic Quadrant for Web Application and API Protection report, click here.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER and Magic Quadrant are registered trademarks and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

1Gartner, Magic Quadrant for Web Application and API Protection, Jeremy D'Hoinne, Rajpreet Kaur, John Watts, Adam Hils, Shilpi Handa, 20 September 2021

Written by


September 22, 2021