Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In our day-to-day work and conversations with security experts, one concern comes up regularly: how consistent is our WAF protection? Our answer is always the same: not as much as you think. The truth is that in the case of enterprises, web application firewall (WAF) coverage is rarely uniform. Protection is often a mixed bag of products from different vendors, managed by separate teams, each guarding only part of the attack surface.

Security teams need automation, clarity, and speed to stay ahead. This month’s updates continue to refine the CyCognito experience so you can maintain an accurate asset inventory, pivot through investigations quickly, and share the right information with stakeholders. In the past few weeks we delivered improvements across automation (including Action Rules), APIs improvements, new investigation and management options, and reporting controls for PDFs. Below is a detailed look at what is new.

Visibility without control is only half the battle. To truly stay ahead of attackers, security teams need precise access, trusted data, and efficient workflows they can rely on. That’s why we’re continuing to enhance the CyCognito platform with features that improve transparency, streamline operations, and put more power in your hands.

Today we’re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.

In today’s high-stakes cybersecurity landscape, one truth stands out: if you can’t see it, you can’t secure it. And if you can’t act on what you see, you’re no better off. That’s why we’re focused on delivering continuous improvements that help security teams move faster, see further, and reduce risk where it matters most.

CyCognito is always seeking additional methods to discover customer external-facing assets. One such resource is an integration with content delivery network (CDN) management systems. Many organizations manage most or all their DNS records with CDNs, as they provide IT and security teams with centralized management visibility.

Pen testers use active testing technologies to probe and analyze systems dynamically, just as an attacker does. Active testing confirms whether a vulnerability is actually exploitable, which security teams use to determine which vulnerabilities to prioritize for remediation. Active security testing delivers confidence, sorely needed in today’s IT security world where noise and false positives have become a major part of an analyst’s day.

External Attack Surface Management (EASM) emerged with a bold promise: to illuminate the dark corners of an organization’s internet-facing infrastructure. It was sold as a panacea for “you don’t know what you don’t know,” offering security leaders the ability to see everything attackers could see. The expectation was straightforward—feed the EASM solution a few IP ranges or domains, and it would map your exposed assets, vulnerabilities, and risks.

We admit it – we’ve had our heads in the clouds recently. Since we started working with Wiz as one of their integration partners, we’ve been spending even more time thinking about cloud assets. And these assets are everywhere! Gartner predicts double digit growth across all cloud segments in 2025.