We are in the process of implementing a WAF, but we need to decide which WAF to acquire based on 3 main aspects:
1. Security: Which one offers the best response to known and 0 day threats?
2. Administration: Which one is more intuitive and easy to administrate?
3. Benefit vs. cost