Akamai Named a Leader in the Latest Forrester Report for WAF Solutions

When choosing a WAF, security teams have a critical responsibility: to select a solution that effectively detects and mitigates threats before they become incidents. In the Forrester Wave™: Web Application Firewall Solutions, Q1 2025, Forrester evaluates WAF providers across multiple criteria, helping security professionals navigate a crowded market.

One theme stands out to us: Not all WAFs are created equal when it comes to detection capabilities — and if there’s one thing security leaders can’t afford to get wrong, it’s detection. But effective security is about more than just catching threats. Choosing the right WAF also means investing in a vendor with a strong strategic vision, ensuring that your investment in today’s solution continues to meet tomorrow’s challenges.

And for organizations that are considering strengthening their security with a leader among WAF solutions, knowing what to look for can simplify the decision-making process. This blog post explores three key considerations — detection, long-term strategy, and procurement best practices — to help security teams make an informed choice.

When it comes to evaluating WAFs, detection isn’t just another feature — it’s the core reason to invest in a WAF in the first place. If your security solution can’t accurately detect threats in order to stop them, does anything else really matter?

Forrester’s methodology weighs “Detection models” at only 7% of the total current offering score in the Forrester Wave™: Web Application Firewall Solutions, Q1 2025. Akamai received the highest possible score for this criterion. In conversations, our customers believe detection models should be the top priority for security teams.

The report also addresses Layer 7 distributed denial-of-service [DDoS] and data leak protection. These areas of protection are also critical for detection and protection in a WAF. Akamai also earned the highest score possible in these two criteria.

To make this latest report a customized, valuable resource for your organization, you should define the criteria that your business prioritizes. How would your organization rank and assign weight to the 22 featured criteria in the report?

The bottom line: A WAF that ranks highly in single criteria or categories that aren’t priorities for your team won’t help if it falls short in real-world threat detection. If detection fails, the consequences aren’t minor — they can result in breaches, downtime, compliance violations, and loss of customer trust.

Detection, however, is just the beginning. Choosing a WAF isn’t just about today’s capabilities — it’s also about whether your security vendor is positioned to keep you protected tomorrow. A short-term solution may check the right boxes today, but will it evolve fast enough to defend your organization against the next wave of threats?

In this report, Akamai ranks highest in the Strategy category, reflecting, in our opinion, a proven roadmap, forward-thinking innovation, and customer-driven security evolution.

Here’s what we believe sets a leading WAF strategy apart:

• A clear vision – A clear understanding of where security threats are heading and how businesses will need to adapt
• A proven roadmap – A demonstrated ability to transform vision into real product advancements, ensuring ongoing protection against evolving threats

When making a WAF investment, organizations need to consider whether they are optimizing for short-term ease or long-term resilience. The reality is that attack methods will continue to change, APIs will grow more complex, and regulatory pressures will increase. A strong security strategy is not only about having the right features today — but also about ensuring that your vendor can keep up with what’s next.

• Does your WAF provider have a clear vision for the future of web application security?
• Are they continuously innovating, or will your security stagnate while threats evolve?
• Is their roadmap aligned with the needs of businesses that operate in a fast-changing digital world?

Security leaders aren’t just buying a product — they’re investing in a vendor’s ability to protect them over time. A short-sighted decision today can lead to major security gaps tomorrow. In their report, Forrester writes that “Akamai’s product vision emphasizes protecting applications without compromising on performance or customer experience. Akamai also has a robust product roadmap with new protections, capabilities to streamline operations, and a focus on regulations to help expand its customer base."

Selecting a WAF is a high-stakes decision — it is the foundation of all your adjacent security tools. With evolving threats, expanding API use, and increased cloud adoption, security teams need a solution that protects applications today while adapting with the future. But how do you compare solutions effectively?

To simplify the process, we recommend using the Ultimate WAF Evaluation Checklist — a comprehensive resource designed to help organizations assess the essential features and capabilities of modern WAF solutions. This checklist provides a structured approach to evaluating:

• Detection and threat protection. How well does the WAF handle real-world attack scenarios?
• API and application security. Can it protect against growing API-based threats?
• Ease of management and integration. Will it fit within your existing security stack?
• Performance and reliability. Does it introduce latency, or can it scale with your needs?
• Vendor maturity and innovation. Is the vendor a forward-thinking provider with a roadmap to match?

Whether you’re considering a new WAF or replacing an existing one, this checklist ensures that you focus on the right criteria — saving time and helping you choose a solution that aligns with your security and business goals.

Download the Ultimate WAF Evaluation Checklist and take the guesswork out of WAF selection.

This Forrester Wave™ analysis provides a useful lens with which to evaluate vendors, but its rankings only go so far. Security teams should look beyond the scoring weights and ask:

• Does this WAF detect and mitigate the attacks that matter most to my organization?
• Will this investment support not just today’s security challenges but also future challenges?
• Does the vendor have the vision and execution to keep up with the evolving threat landscape?

Akamai has built a track record of leadership in security by protecting some of the world’s largest enterprises. For Akamai, the recognition from Forrester in 2025 reinforces what security professionals already know: Effective detection and strategic innovation should be the top priorities when selecting a WAF.

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.