6 Tips for Selling a Web Application Firewall Solution

Move beyond high-level conversations about security to explain how security threats differ and why your clients need a WAF to protect their websites and cloud-based apps.

Web Application Firewall

One of the hurdles that managed services providers (MSPs) and value-added resellers (VARs) must overcome is getting their clients to understand the outcomes they can expect from technology investments. It’s also helpful when a client understands a product’s name and acronym. Take “WAF,” for example. It’s not immediately apparent to most customers that WAF stands for “web application firewall.” Additionally, when some of your prospects hear “firewall,” they may assume it’s just another name for a network firewall, which they already have; therefore, they don’t need another one.

Here are six tips for selling WAF solutions and providing your clients with a crucial layer of security.

1Define the pain.

Find out if you’re talking to a business owner who has dealt with malware a few times this year or whose website is constantly getting hacked. Maybe your prospect hasn’t experienced a significant cyberattack yet but knows that if they do, they’re out of business because of the type of data they use and store.

2Talk about what network firewalls don’t do.

Network firewalls are designed to protect your clients’ IT systems from attacks in the network and transport layers (layers 3 and 4 of the Open Systems Interconnection model). However, if your customer or prospect transmits data via the internet or has a web presence, a network firewall isn’t enough. Web application firewall solutions are specifically designed to analyze traffic coming into a web application.

3Explain the difference between WAF and intrusion protection.

Your prospects with intrusion detection systems (IPS) may wonder why they need a web application firewall solution. While an IPS monitors traffic coming into a business’ network, it’s often incapable of detecting malicious HTTP traffic or protecting against a distributed denial of service (DDoS) attack that floods a website or web application with a high traffic volume.

4Show prospects how they can afford the web application firewall solution they need.

So, you’ve convinced your customer or prospect that their security strategy is missing the vital component of a web application firewall solution. But they probably aren’t convinced yet that they can afford a WAF or the resources to manage it. WAF as a Service is the answer they need. Partnering with a vendor with a WAF as a Service offering will enable you to quickly implement a full-featured WAF for your clients and bill them monthly for the solution and your services.

5Be realistic about ROI.

With some of your solutions, your clients can easily calculate return on investment (ROI). For example, if software saves 30 minutes of labor per day that a $20 per hour employee routinely performs, your client would save $70 per week or around $280 per month. Depending on the software license or SaaS subscription cost, the business could see ROI after just a few weeks.

ROI of security solutions is more challenging to determine. Security solution ROI is more like buying an insurance policy than a business solution that increases efficiency or productivity. To help explain the ROI of web application firewall solutions, security solution provider F5 commissioned Forrester Consulting to quantify the benefits, including:

  • Improved security posture
  • Eliminating time spent on issues that IT resources investigate manually
  • Preventing costs associated with security incidents
  • Avoiding revenue losses because customers can’t access applications
  • Avoiding data breaches and related costs

6Close with the value you provide.

IT security is more than implementing a single solution – it combines WAF, IPS, virus protection, access management and other solutions. Your client needs a comprehensive, layered approach to security that addresses data protection and compliance needs. They also need 24/7 monitoring and response and the services you provide.

Confidently deliver the message that your team has the expertise, resources, and capabilities your prospects need.