Analyzing 500,000 internet-exposed assets from Forbes Global 2000 enterprises, we uncovered just how uneven WAF coverage really is, and why that inconsistency creates hidden risk.
Read more about Over 50% of Enterprise External Assets Lack WAF Protection, Including PII PagesWe analyzed more than two million internet-exposed assets across cloud, on-prem, APIs, and web apps, discovered by our platform over the past 18 months. Using attacker-simulated testing, including black-box pentesting, dynamic application security testing (DAST), and active vulnerability scanning, we mapped how exploitable exposures cluster by industry and asset type. The results reveal systemic weaknesses in how organizations govern their digital perimeter, especially in environments shaped by rapid growth, third-party dependencies, and fragmented ownership.
Read more about What Over 2 Million Assets Reveal About Industry Vulnerability