Licensed for individual use only
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers
by Sandy Carielli and Amy DeMartine
December 20, 2019
Why Read This Report
You can use web application firewalls (WAFs) to
protect applications, apply consistent and global
security policies, and comply with regulations.
But to realize these benefits, you’ll first have to
select from a diverse set of vendors that vary by
size, functionality, geography, and vertical market
focus. Security pros should use this report to
understand the value they can expect from a
WAF provider and to select one based on size
and functionality.
This PDF is only licensed for individual use when downloaded from forrester.com or reprints.forrester.com. All other distribution prohibited.
forrester.com
Key Takeaways
Protect Applications With Web Application
Firewalls
WAFs detect attacks based on known malicious
web traffic patterns — even if those patterns
are used in unique ways. Apply WAFs to all web
assets — including service-side APIs — to properly
protect your firm from application breaches.
Select Vendors Based On Functionality
WAF vendors are either content delivery networks
(CDNs), cloud providers, network performance
vendors, or specialists. Each vendor segment
deploys WAFs in unique ways that security pros
will need to weigh to choose the right fit.
Use WAFs As Your Initial Application
Protection Technology
Consistent application of WAFs is just the
beginning of technologies to protect applications.
Deploy other application protection tools such
as bot management, API security technologies,
and runtime application self-protection tools to
protect against new attack methods and new
attack targets.
For Security & Risk Professionals

Now Tech: Web Application Firewalls, Q4 2019

Forrester’s Overview Of 31 WAF Providers

by Sandy Carielli and Amy DeMartine

with Stephanie Balaouras, Kate Pesa, and Peggy Dostie
December 20, 2019

Table Of Contents Related Research Documents

2 Protect Applications With Web Application Application Security Market Will Exceed $7 Billion
Firewalls By 2023

2 Select Vendors Based On Functionality The Forrester Tech Tide™: Zero Trust Threat
Prevention, Q3 2018
WAF Market Presence Segments
Lay Your Security Tech Foundation
WAF Functionality Segments

7 Align Individual Vendor Solutions To Your

Organization’s Needs

Recommendations Share reports with colleagues.

Enhance your membership with
12 Use WAFs As Your Initial Application
Research Share.
Protection Technology

13 Supplemental Material

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA

+1 617-613-6000 | Fax: +1 617-613-5000 | forrester.com
© 2019 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester®,
Technographics®, Forrester Wave, TechRadar, and Total Economic Impact are trademarks of Forrester Research,
Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing
is a violation of copyright law. [email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

Protect Applications With Web Application Firewalls

WAFs first gained prominence in 2006 due to the payment card industry data security standard (PCI
DSS) requirements, when enterprises deployed applications on-premises and deployed WAFs as
appliances.1 Back then, WAFs protected only web applications in data centers, but as applications
changed, WAFs adapted to protect applications in private, hybrid, and public cloud instances and to
protect APIs, including the server side of mobile applications. Unfortunately, WAF misuse — either by
misconfiguration or no WAF at all — has been the crux of recent notorious breaches.2 These breaches
serve as a wake-up call to firms that applications continue to need basic protection, that all web
assets require protection, and that application sprawl requires a consistent method to apply security
protections. With this renewed interest, Forrester predicts that WAF spending will reach over $1 billion
by 2022.3 Forrester defines the WAF as:

Tools that examine input to and responses from web applications and APIs to detect and block
exploits or attack attempts, and to enforce security policies based on attack signatures, protocol
standards, and anomalous detection.

Firms that apply WAFs across all web assets will:

›› Protect applications. No application code is perfect. Sometimes developers release applications

with known security flaws, while security researchers discover other zero-day attacks after code
release. WAFs protect applications by matching against known attack patterns, even when those
patterns are unique.

›› Apply consistent and global security policies. Many firms start with a goal of consistent WAF
policies to protect all applications equally — no matter where they deploy them. However, once
that goal is met, firms then demand a more risk-based approach and increase WAF protections
based on application type, business line, or data that the application touches.

›› Comply with regulations. PCI DSS requirements continue to drive the majority of WAF adoption.
However, it’s important to remember that compliance is the minimum bar and not the optimal use
case. To optimize their protections, firms must go beyond mere compliance and apply WAFs to all
applications — not just the ones that require it.

Select Vendors Based On Functionality

We’ve based our analysis of the WAF market on two factors: market size and functionality.

WAF Market Presence Segments

We segmented the vendors in this market into three categories, based on WAF revenue: large
established players (more than $100 million in WAF revenue), midsize players ($10 million to $100
million in revenue), and smaller players (less than $10 million in revenue) (see Figure 1). We did not
include vendors that we estimated to have less than $1 million in revenue.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 2
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 1 Now Tech Market Presence Segments: Web Application Firewalls, Q4 2019

>$100M in annual category revenue

Akamai Technologies
Imperva
Web Application
Firewalls
Q4 2019

$10M to $100M in annual category revenue

Alibaba Cloud Microsoft*

Barracuda Networks NSFOCUS*
Citrix* Penta Security Systems
Cloudflare* Radware
DBAPPSecurity Rohde & Schwarz
Ergon Informatik Cybersecurity
F5 Networks* Signal Sciences*
Instart* Verizon*

<$10M in annual category revenue

A10 Networks Qualys

Amazon Web Services Reblaze
Chaitin Tech StackPath
Fastly Templarbit
Indusface Tencent Cloud
Kemp ThreatX
Oracle Wallarm

*Forrester estimate

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 3
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

WAF Functionality Segments

To explore functionality at a deeper level, we broke the WAF market into four segments, each with
varying capabilities (see Figure 2 and see Figure 3):

›› CDN-adjacent WAFs guard on the network edge. CDNs optimize delivery of web pages and
other web content based on the geographic location of users. Many CDNs also offer security
controls such as WAFs, which customers can deploy before a web server or — even better — at
the edge of the CDN, closer to the origin of malicious traffic, giving even better performance to web
content. However, to protect web assets, CDNs must route web traffic to these assets through their
network. Forrester only included vendors that create their own WAFs rather than ones that partner
with third parties to offer WAF functionality.

›› Cloud-provider-adjacent WAFs offer protection as a cloud service. Public cloud adoption is

now 58% in North America and 56% in Europe, according to surveyed infrastructure decision
makers in those regions.4 As cloud adoption matured and applications migrated to the cloud, cloud
providers offered WAFs as an add-on service. Developers adopt these WAFs due to their easy
deployment and configuration as part of their application cloud deployment.

›› Network-performance-adjacent WAFs originated as part of load balancing. Network-

performance-adjacent WAFs protect in the exact opposite as the CDN-adjacent WAFs — directly in
front of web assets. These vendors originally started as appliances and performed load balancing
duties in addition to protecting applications. As applications evolved, network-performance-
adjacent WAFs became virtual appliances that customers can place anywhere, including the cloud.

›› WAF specialists offer layer 7 protection as part of a security portfolio. Deployments of WAFs
from specialists include appliances, virtual appliances, or rerouting web traffic through specific
network PoPs like CDN-adjacent WAFs. WAF specialist vendors focus on web asset protection and
include WAFs as part of their portfolio of products.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 4
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 2 Now Tech Functionality Segments: Web Application Firewalls, Q4 2019, Part 1

CDN-adjacent Cloud-provider-
WAF adjacent WAF

Proprietary rulesets

Supports compliance

Modification of rules

Rule confidence level

Data leak prevention

Process encrypted traffic

Crowdsourced rules

Suggested rules

Autoimplemented rules

Flexible application of rules

Segment functionality None Low Moderate High

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 5
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 3 Now Tech Functionality Segments: Web Application Firewalls, Q4 2019, Part 2

Network- WAF specialist

performance-
adjacent WAF

Proprietary rulesets

Supports compliance

Modification of rules

Rule confidence level

Data leak prevention

Process encrypted traffic

Crowdsourced rules

Suggested rules

Autoimplemented rules

Flexible application of rules

Segment functionality None Low Moderate High

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 6
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

Align Individual Vendor Solutions To Your Organization’s Needs

The following tables provide an overview of vendors with details on functionality category, geography,
and vertical market focus (see Figure 4, see Figure 5, and see Figure 6).

FIGURE 4 Now Tech Large Vendors: Web Application Firewalls, Q4 2019

>$100M in annual category revenue

Primary Geographic Vertical market

functionality presence focus (top three Sample
segments (by revenue %) by revenue %) customers

Akamai CDN-adjacent NA 58%; LATAM 4%; Media and CashFlows;

Technologies WAF EMEA 20%; AP 18% entertainment; Douglas Omaha
financial services; Technology
retail Commission; Luisa
Via Roma

Imperva WAF specialist NA 45%; LATAM 5%; Financial services; Amadeus; Digicert;
EMEA 22%; AP 28% media and NTT Technocross
entertainment;
retail

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 7
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 5 Now Tech Midsize Vendors: Web Application Firewalls, Q4 2019

$10M to $100M in annual category revenue

Primary Geographic Vertical market

functionality presence focus (top three Sample
segments (by revenue %) by revenue %) customers

Alibaba Cloud Cloud-provider- NA 5%; EMEA 5%; AP Financial services; AirAsia; HK

adjacent WAF 90% retail; government Express;
Zhaopin.com

Barracuda Network- NA 48%; LATAM 1%; Financial services; Vendor did not
Networks performance- EMEA 31%; AP 20% healthcare; retail disclose
adjacent WAF

Citrix Network- NA 61%; LATAM 2%; Retail; financial Dataport; Essar

performance- EMEA 26%; AP 11% services; Group; Ministry of
adjacent WAF healthcare the Interior

Cloudflare CDN-adjacent NA 53%; LATAM 2%; Retail; financial AO.com;

WAF EMEA 24%; AP 21%* services; media AutoTrader; Ultius
and entertainment*

DBAPPSecu- Network- AP 100% Government; China Nation

rity performance- financial services; Clearing Center, the
adjacent WAF telecom People’s Bank of
China; China
Telecom; The
People’s Insurance
Co. (Group) of
China

Ergon WAF specialist NA 1%; EMEA 91%; AP Financial services; Generali; Raiffeisen;
Informatik 8% insurance SBB (Swiss
Railways)

F5 Networks Network- NA 90%; EMEA 5%; AP Financial services; Bangladesh Post

performance- 5%* retail Office; Miele;
adjacent WAF Shawbrook

Instart WAF specialist NA 75%; LATAM 6%; Retail; travel and Neiman Marcus
EMEA 12%; AP 7% hospitality;
financial services

*The vendor did not provide information for this cell; this is Forrester’s estimate.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 8
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 5 Now Tech Midsize Vendors: Web Application Firewalls, Q4 2019 (Cont.)

$10M to $100M in annual category revenue

Primary Geographic Vertical market

functionality presence focus (top three Sample
segments (by revenue %) by revenue %) customers

Microsoft Cloud-provider- NA 44%; LATAM 1%; Financial services; Vendor did not
adjacent WAF EMEA 37%; AP 18% retail; disclose
manufacturing

NSFOCUS WAF specialist NA 1%; AP 99% Financial services; Bank of China;

telecom; China Mobile; State
government Grid

Penta WAF specialist NA 1%; LATAM 2%; Government; Vendor did not
Security EMEA 5%; AP 92% financial services disclose
Systems

Radware Network- NA 32%; LATAM 11%; Technology; Copa Airlines;

performance- EMEA 27%; AP 30% government; retail Outbrain; Tierpoint
adjacent WAF

Rohde & WAF specialist NA 4%; LATAM 2%; Financial services; ALD; City of
Schwarz EMEA 90%; AP 4% healthcare; Walldorf; French
Cybersecurity government Ministry of the
Interior

Signal WAF specialist NA 87%; EMEA 6%; AP Financial services; Chick-fil-A; Under
Sciences 7% high-tech; media Armour; WeWork
and entertainment

Verizon CDN-adjacent NA 69%; LATAM 2%; Financial services; Logictravel; Novica;

WAF EMEA 12%; AP 17% travel and Tripwire
hospitality; retail

*The vendor did not provide information for this cell; this is Forrester’s estimate.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 9
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 6 Now Tech Small Vendors: Web Application Firewalls, Q4 2019

<$10M in annual category revenue

Primary Geographic Vertical market

functionality presence focus (top three Sample
segments (by revenue %) by revenue %) customers

A10 Network- NA 45%; LATAM 4%; Retail; healthcare; Alamo Colleges

Networks performance- EMEA 12%; AP 39% media and District; Dubai Civil
adjacent WAF entertainment Aviation Authority;
Real Estate
Development Fund
(Saudi Arabia)

Amazon Cloud-provider- NA 60%; EMEA 30%; Financial services; Dow Jones;

Web adjacent WAF AP 10%* retail; media and Mapbox; Pearson
Services entertainment

Chaitin Tech WAF specialist AP 100% Financial services; Agricultural Bank of

high-tech; energy China; Bilibili; Didi
and utilities Chuxing

Fastly CDN-adjacent NA 60%; LATAM 5%; Retail; media and Alaska Airlines; The
WAF EMEA 30%; AP 5%* entertainment; New York Times;
high-tech Pinterest

Indusface WAF specialist NA 15%; LATAM 5%; Financial services; CxC Networks;
EMEA 5%; AP 75% media and HDFC Life; Indusind
entertainment; Bank; TCS
retail

Kemp Network- NA 47%; EMEA 50%; Government; AAA; Dealogic;

performance- AP 3% healthcare PlanetDDS
adjacent WAF

Oracle Cloud-provider- NA 65%; LATAM 5%; Retail; travel and Vendor did not
adjacent WAF EMEA 25%; AP 5%* hospitality; disclose
manufacturing

*The vendor did not provide information for this cell; this is Forrester’s estimate.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 10
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

FIGURE 6 Now Tech Small Vendors: Web Application Firewalls, Q4 2019 (Cont.)

<$10M in annual category revenue

Primary Geographic Vertical market

functionality presence focus (top three Sample
segments (by revenue %) by revenue %) customers

Qualys WAF specialist NA 60%; LATAM 5%; Financial services Arabbank; Liberty
EMEA 30%; AP 5% University

Reblaze WAF specialist NA 36%; LATAM 4%; Travel and eBay; Forbes
EMEA 42%; AP 18% hospitality; retail; Media; SolarWinds
high-tech

StackPath CDN-adjacent NA 60%; LATAM 10%; Retail; high-tech Modx.com;

WAF EMEA 20%; AP 10% Sovrn.com;
Totalserversolutions
.com

Templarbit WAF specialist NA 89%; EMEA 1%; AP Financial Clemson University;

10% services; retail; Coinbase; D2iQ;
high-tech vArmour

Tencent CDN-adjacent NA 5%; AP 95% Retail; financial Carrefour China;

Cloud WAF services; China Construction
government Bank; China
Literature

ThreatX WAF specialist NA 95%; AP 5% Retail; healthcare; BMC; Cherwell

high-tech Software; Denver
Health

Wallarm WAF specialist NA 60%; EMEA 40% Financial MedNet; SEMRush;

services; UZ Leuven
healthcare;
high-tech

*The vendor did not provide information for this cell; this is Forrester’s estimate.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 11
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

Recommendations

Use WAFs As Your Initial Application Protection Technology

Don’t start and stop application security with WAFs. Although WAFs are good at protecting against
known malicious attack patterns, new attacks such as bots and new attack targets such as APIs require
additional protections. Once you apply your WAFs across all applications, consider that you must:

›› Use bot management to remove malicious automated traffic. Using programming know-
how, malicious attackers create automated attacks that mimic human behavior. These attacks
are usually too low and slow or masked as good human traffic to be caught by WAFs. Use bot
management tools instead to thwart these complex attacks.5

›› Apply API security technologies to reinforce APIs. Applying the full stack of API-specific
defenses offers APIs a level of protection beyond that of other web assets. API management
solutions provide authorization, authentication, and rate limiting based on identity.6 Additional tools
read API specification files and create positive security rules. Layer the technologies to achieve
optimal protection.

›› Deploy runtime application self-protection to hide security flaws from attackers. Today,
WAFs have a limited attack response such as block, delay, and misdirect. However, the best
response would be for the application to run as if security flaws didn’t exist in the first place. This
is the promise of runtime application self-protection (RASP) tools.7 Use RASP tools to protect
applications that don’t have active development teams or applications that change quickly.
Unfortunately, RASP tools consume processing power while creating their virtual patches. Use a
WAF in conjunction with a RASP tool to reduce the load the RASP will consume by rejecting known
bad traffic.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 12
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

Engage With An Analyst

Gain greater confidence in your decisions by working with Forrester thought leaders to apply
our research to your specific business and technology initiatives.

Analyst Inquiry Analyst Advisory Webinar

To help you put research Translate research into Join our online sessions
into practice, connect action by working with on the latest research
with an analyst to discuss an analyst on a specific affecting your business.
your questions in a engagement in the form Each call includes analyst
30-minute phone session of custom strategy Q&A and slides and is
— or opt for a response sessions, workshops, available on-demand.
via email. or speeches.
Learn more.
Learn more. Learn more.

Forrester’s research apps for iOS and Android.

Stay ahead of your competition no matter where you are.

Supplemental Material

Market Presence Methodology

We defined market presence in Figure 1 based on revenue.

To complete our review, Forrester requested information from vendors. If vendors did not share this
information with us, we made estimates based on available secondary information. We’ve marked
companies with an asterisk if we estimated revenues or information related to geography or industries.
Forrester fact-checked this report with vendors before publishing.

Companies Interviewed For This Report

We would like to thank the individuals from the following companies who generously gave their time
during the research for this report.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 13
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

A10 Networks Microsoft

Akamai Technologies NSFOCUS

Alibaba Cloud Oracle

Amazon Web Services Penta Security Systems

Barracuda Networks Qualys

Chaitin Tech Radware

Citrix Reblaze

Cloudflare Rohde & Schwarz Cybersecurity

DBAPPSecurity Signal Sciences

Ergon Informatik StackPath

F5 Networks Templarbit

Fastly Tencent Cloud

Imperva ThreatX

Indusface Verizon

Instart Wallarm

Kemp

Endnotes
For more information about the history of WAFs, see the Forrester report “Web Application Firewall: 2010 And
1

Beyond.”

In the case of Capital One, the breach was attributed to WAF misconfiguration. Source: Brian Krebs, “What We Can
2

Learn from the Capital One Hack,” Krebs on Security blog, August 2, 2019 (https://krebsonsecurity.com/2019/08/
what-we-can-learn-from-the-capital-one-hack/).

Other breaches such as the ones that occurred at Equifax and British Airways could have been prevented with a
properly configured WAF. Source: “3 Massive Data Breaches that Could Have Been Easily Avoided,” Penta Security
Blog, October 25, 2018 (https://www.pentasecurity.com/blog/3-notorious-data-breaches-easily-avoided/) and Thomas
Pohle, “BA Data Breach Could Have Been Prevented By Web Application Firewalls,” Link11 DDoS blog, September 7,
2018 (https://www.link11.com/en/blog/ba-data-breach-could-have-been-prevented-by-web-application-firewalls/).
3
See the Forrester report “Forrester Analytics: Application Security Solutions Forecast, 2017 To 2023 (Global).”

For more information on spending predictions for application security, see the Forrester report “Application Security
Market Will Exceed $7 Billion By 2023.”
4
Source: Forrester Analytics Global Business Technographics® Infrastructure Survey, 2019.

For more information about bot management tools, look for Forrester’s upcoming report about bot management in Q4
5

of 2019.

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 14
[email protected] or +1 866-367-7378
For Security & Risk Professionals December 20, 2019
Now Tech: Web Application Firewalls, Q4 2019
Forrester’s Overview Of 31 WAF Providers

For more information about API management solutions, see the Forrester report “The Forrester Wave™: API
6

Management Solutions, Q4 2018.”

For more information about RASP tools, see the Forrester report “The Forrester New Wave™: Runtime Application
7

Self-Protection, Q1 2018.”

© 2019 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 15
[email protected] or +1 866-367-7378
We work with business and technology leaders to develop
customer-obsessed strategies that drive growth.
Products and Services
›› Core research and tools
›› Data and analytics
›› Peer collaboration
›› Analyst engagement
›› Consulting
›› Events

Forrester’s research and insights are tailored to your role and

critical business initiatives.
Roles We Serve
Marketing & Strategy Technology Management Technology Industry
Professionals Professionals Professionals
CMO CIO Analyst Relations
B2B Marketing Application Development
B2C Marketing & Delivery
Customer Experience Enterprise Architecture
Customer Insights Infrastructure & Operations
eBusiness & Channel ›› Security & Risk
Strategy Sourcing & Vendor
Management

Client support
For information on hard-copy or electronic reprints, please contact Client Support at
+1 866-367-7378, +1 617-613-5730, or [email protected]. We offer quantity
discounts and special pricing for academic and nonprofit institutions.

Forrester Research (Nasdaq: FORR) is one of the most influential research and advisory firms in the world. We work with
business and technology leaders to develop customer-obsessed strategies that drive growth. Through proprietary
research, data, custom consulting, exclusive executive peer groups, and events, the Forrester experience is about a
singular and powerful purpose: to challenge the thinking of our clients to help them lead change in their organizations.
For more information, visit forrester.com. 157797