Beijing, June 18, 2024
Despite global efforts, web application attacks continue unabated, with sophisticated attackers employing increasingly efficient and stealthy methods to exploit vulnerabilities. These attacks are a major cause of data breaches, content tampering, and business disruptions, severely impacting corporate revenue and reputation. Web Application Firewalls (WAFs) remain a critical component of enterprise cybersecurity infrastructure and trust frameworks.
According to IDC, the 2023 China WAF hardware market was valued at RMB 1.35 billion, showing a year-over-year decline of 2.6%. Major players in this market include NSFOCUS, DBAPPSecurity, Venustech, Chaitin, and Sangfor. Details are provided in the accompanying chart.
The 2023 China cloud WAF market (public and private cloud) reached RMB 2.10 billion, reflecting a 14.0% year-over-year growth. Key players include Alibaba Cloud, Huawei Cloud, Tencent Cloud, China Mobile, and CDNnetworks Security. Detailed market share information is available in the chart.
The report "China Cloud Web Application Firewall Market Share, 2023: WAAP as a Common Evolution Path" further segments the cloud WAF market by public and private cloud environments, highlighting significant differences among key players. Detailed findings are presented in the accompanying chart.
IDC identifies the following trends for technology providers:
Intelligent WAF Upgrades: Leveraging big data, machine learning, and AI, WAF products are enhancing capabilities in data analysis, threat detection, response, and security operations. The rapid deployment and refinement of AI models in cybersecurity are expanding WAF functionalities, including complex attack recognition, threat intelligence integration, automated rule generation, and improved operational efficiency through natural language interactions.
WAAP Evolution: Integrating DDoS protection, bot mitigation, and API security into WAF products enables comprehensive protection across web applications, APIs, and data. However, customer awareness and acceptance of WAAP in China need further cultivation by technology providers.
Enhanced Interoperability: The demand for integrated cybersecurity solutions is growing. WAF products must offer open APIs to facilitate seamless integration with threat intelligence, network traffic analysis, EDR, SOC, and other security tools, fostering proactive web application protection.
Cloud-Native WAF: The rising demand for WAF protection in cloud environments drives major cloud service providers to enhance their web security investments. Security technology providers are partnering with cloud services to offer software-based and cloud-native WAF solutions, aiming to secure a competitive position in the cloud WAF market.
Austin Zhao, Senior Research Manager for IDC China's Cybersecurity Market, notes that despite the global economic downturn affecting the market growth rate in 2023, the overall trend remains positive. Cloud WAF is becoming increasingly significant within the broader WAF market. The rapid adoption and improvement of AI, particularly in cybersecurity, are laying a solid foundation for the future advancements in threat identification, analysis, and automated security operations of WAF products.
