75% of IT Leaders Lack Confidence in Their Web Application Security

New Research from Cymatic and Pulse Reveals Shortfalls in Common Approaches to WebAppSec

34% of Respondents Use 10+ Products to Protect Web Applications, while 65% of Organizations Experienced Cyber Attacks that Bypassed Their WAF

RALEIGH, N.C.–(BUSINESS WIRE)–#clickclickdoneCymatic today released new research detailing the state of web application security. Although IT leaders appear somewhat confident in the solutions they currently have in place, reliance on multiple products makes seamless integration of new tools—and therefore overall cyber threat prevention—a significant challenge.

Pulse conducted the survey of C-suite and VP-level executives across information technology and cybersecurity, which found that the most prevalent approaches to web application defense fail to engender the trust required for successful cyber attack protection. Key findings include:

  • 91% of executives spend up to a third of their web app technology budget on security, privacy, and compliance activities, but they continue to rely heavily on strong password requirements for cyber attack protection
  • MFA, WAFs, and CAPTCHAs are the top technologies most used to protect web applications, at 75%, 74%, and 63%, respectively
  • 73% of respondents say account takeovers are the attack scenarios that most concern them

“Twenty-five years spending time and money cleaning up after breaches and hackers whose creativity was always at least one step ahead of network defenses enabled me to see where all the security gaps are,” said Cymatic Founder and Chief Executive Jason Hollander. “We built the CymaticONE platform to fill those gaps and decrease the complexity of current web application solutions, making it faster and easier to protect against modern-day attack vectors.”

The Cymatic platform provides universal in-session visibility and control to reduce risk across web applications, networks, and users while decreasing network traffic loads and eliminating user friction. Instead of just protecting network-based threats like traditional WAFs, Cymatic uses sophisticated artificial intelligence and machine-learning algorithms to identify page mutations and user anomalies. The platform protects against user-derived and device-based threats such as poor credential hygiene, dark web vulnerabilities, and potentially risky devices. It is invisible and frictionless to users, deploys in mere minutes, and has immediate time-to-value.

While many respondents noted obstacles to changing their current web application firewall (WAF) installations, almost 90% of them plan to revisit their investments in the next six to 18 months.

To make it easy for any organization to bridge the gaps in their installations, Cymatic offers the first web application firewall to combine client-side WAF defense with a proprietary vulnerability, awareness, detection, and response (VADR™) AI engine to stop user- and app-based threats in their tracks. Unlike other products that make static decisions based on siloed threat signals, Cymatic correlates and analyzes in real time thousands of signals over a dozen threat vectors to deliver a higher degree of security accuracy without compromising the user experience or application performance. In fact, only Cymatic offers complete visibility and protection in real time against all code-injection attacks, user risk and session fraud—with just a single line of javascript.

Click HERE to review full survey results and HERE to request a demo of CymaticONE + VADR to jump-start your web application defense.

About Cymatic

Cymatic offers the only web application firewall (WAF) solution that combines client-side WAF defenses with a proprietary vulnerability, awareness, detection, and response (VADR™) engine to deliver instant and continuous in-session intelligence around devices, users, and locations. Cymatic’s first-look, first-strike capability is earliest in the kill chain, reducing risk across applications, networks, and users while ensuring organizations are compliant with today’s security-driven regulations. The solution is invisible and frictionless to users, deploys in minutes and operationalizes in seconds. Cymatic is headquartered in Raleigh, NC with offices in California and New York. Learn more at cymatic.io and follow Cymatic on Twitter and LinkedIn.


KC Higgins

Cymatic Media