Runtime protection will grow faster than security scanning, container security will have the fastest growth, and bot management will surpass traditional WAFs.
By Forrester Analyst Sandy Carielli
In the State of Application Security 2021, released in March, Forrester highlighted how enterprises are prioritizing application security and actively adopting a range of tools to support their efforts. As enterprises continue to build and enhance applications, and developers adopt new technologies and processes to speed time-to-market and enrich the customer experience, application security remains the most important security front.
Thankfully, most organizations are increasing their application security budgets. Forrester just released its report, Application Security Solutions Forecast, 2020-2025 (Global), predicting growth rates for eight application security submarkets and finding:
Runtime protection will grow faster than security scans. Application security tools fall into two broad categories: security scanning tools and runtime protection tools. Forrester expects the runtime protection market to grow slightly faster than the security scanning market, led by container security and bot management. However, the security scanning market will not stand still – we forecast that software composition analysis (SCA), interactive application security testing, static application security testing, and dynamic application security testing will all experience double-digit growth over the next five years. Among them, SCA will take the lead.
Container security will have the fastest growth. Container security tools were added to the 2021 forecast update as investments in containers increased dramatically, with enterprises citing scalability, agility, and cost reduction as the biggest benefits of their investments. The popularity of containers is driving investment in container security, and Forrester expects the container security market to have the highest growth rate in protection technology investment over the next five years.
Bot management will go beyond traditional WAFs. Forrester predicts that many of the core functions of web application firewalls (WAFs) will be replaced by bot management, enabling it to overtake traditional WAFs as the core application protection solution by 2025. Bot management can detect and prevent a range of bot-based attacks, including credential stuffing, web scraping, stockpiling/locking orders, and influencer fraud. Bot management tools protect applications from bad bots while allowing benign bots and ensuring normal users are not hindered by unnecessary captchas and challenges.