Today, there are many pricing and licensing models for organizations to choose from – perpetual pricing per instance, subscription pricing by instance, by throughput, per-user, by CPU cores, metered pricing based on consumption, bring-your-own license (BYOL), pay-as-you-go (PAYG) consumption, service provider-licensing agreements (SPLA), and others.
A concern we often hear is that vendor pricing and licensing models do not effectively support the digital transformation initiatives and cloud transitions of the enterprise.
The biggest concern is the cost effectiveness of licensing for on-demand provisioning of capacity for security products such as Web Application Firewall (WAF) or Web Application and API Protection (WAAP), which require a lot of compute horsepower to process and secure data. This concern is especially acute for cost predictability and capacity planning. The performance profile or the capacity constraints for a particular WAF or WAAP instance may need to be changed to accommodate the traffic profile. The licensing infrastructure and automation need to accommodate this in a data-intensive environment. A few large customers have moved some of their applications from the public cloud to a private cloud deployment due to the spikes and variability in costs with metered pricing and PAYG models for traffic.
Another frequent concern is that although security staff are commonly tasked with protecting cloud environments, they frequently have no authority over the choice or management of cloud environments. Many organizations deploy not just a single cloud environment, but several such environments in parallel, further complicating the task of cloud security. It is very difficult to protect multiple cloud platforms, each with its own capabilities, APIs, management, and reporting with a consistent level of security. According to Radware’s research, 92% of organizations stated decisions about cloud platforms are made by stakeholders other than security staff. With the lack of in-house security expertise or cloud domain expertise, it may make sense to use a managed service offering.
Additional costs associated with licensing during the cloud transition are an ongoing concern. Today, an organization must pay twice for the capacity: once for the private data centers and then again for the new capacity in the cloud. In this case, what is needed is a BYOL model with a license model that can recover licensing capacity already paid for and provisioned in one environment and move it to a new environment.
Radware WAF and WAAP pricing addresses all of the above concerns by providing perpetual pricing for customers that want to pay once upfront and then a smaller ongoing support cost. For customers concerned with upfront costs, a yearly subscription model is offered. For customers that lack in-house expertise, Radware also offers a fully managed WAF/WAAP offering. Finally, to address cost concerns during cloud transition, or for large enterprises and service providers that host many tenants and want to contain cost to the business, Radware also offers a global elastic licensing (GEL) pricing model. This allows organizations to source and pay for license capacity globally while distributing that capacity among tenants.
Penetration testing, on the other hand, is used to identify processes, security settings, or other weaknesses that a malicious actor could actively exploit. Use of unencrypted passwords, password reuse, and insecure storage of user credentials are examples of weaknesses discovered by a penetration test. To provide an objective assessment, penetration tests are best conducted by a third-party vendor.
To test the quality of protection – either of in-house code fixes or of a WAF – vulnerability scanning and penetration testing should both be used before and after code fixes and/or deployment of a WAF.
| | Radware | CDN-based WAF | Public Cloud Native WAF | Software-based WAAP |
|---|---|---|---|---|
| Perpetual pricing | Yes | Yes | No | Yes |
| Subscription Pricing | Yes | Yes | Yes | Yes |
| Hybrid platform support (multi-cloud, physical/SDDC) | Yes | Yes | No | Yes |
| BYOL | Yes | Yes | No | Yes |
| SPLA/ELA | Yes | Yes | No | Yes |
| Reclaim capacity and move to another deployment | Yes | No | No | Maybe |
| Managed Service Offering | Yes | Yes | No | Maybe (3rd Party) |