A new study out last week indicates that a significant number of web application attacks bypass the WAF, and organizations struggle to tune them, and they’re not well-integrated into broader security functions. One in 10 security pros said some 50% of network requests made in the past 12 months have been labeled as false positive. The average organization employed 2.5 security administrators, who spent 45 hours per week processing WAF alerts and an additional 16 hours a week writing new rules for WAF. The WAF market is due for some considerable shake-ups in the near future.”]
Source: https://www.darkreading.com/cloud/when-wafs-go-wrong