Only 9% remediate critical vulnerabilities within 24 hours, while 74% take one to seven days. Patch time is important: organizations taking four or more days had a 97% incident rate. Those taking three or fewer had a 67% rate. The implication is that patch rates must be increased and exploitable vulnerabilities better understood – and preferably both.

It gets more complicated, and urgent, in runtime, which is described as the breach battlefield. Most organizations only know what happened after reconstructing the event after the horse has bolted. Most (73%) would adopt virtual patching if they had better confidence in minimal false positives; but only 17% configure WAFs for automatic blocking, with 56% citing a lack of application context as the reason.

Because of the runtime difficulties, there is an intention by 42% of the organizations to increase investment in runtime monitoring and protection over the next few years. But since protection is always better than cure, the bulk of investment (52%) remains in pre-production such as CI/CD build protection.

The potential solutions are clear. Improved visibility into vulnerability exploitability together with better all-round contextual understanding of the application concerned – and its effect on business stability – would allow autonomous patching for many vulnerabilities and confidence in increased automated blocking.

A separate FireMon Insights report, also published June 2, 2026, suggests that concern over the automated use of firewalls as a security barrier is unsurprising but at least partially due to a lack of human oversight. FireMon discusses firewalls in general, but the same principles will apply to WAFs.

“Firewall complexity is no longer just an operational problem. It is a control problem,” says Jody Brazil, CEO at FireMon. “Security teams have massive investments in firewalls, cloud, and segmentation platforms, but without control of policy those environments become difficult to manage securely. The problem is no longer lack of tools. It is lack of operational control.”

It concludes that manual policy management is inefficient and allows risk across the attack surface to continue to expand rapidly, primarily due to an environment in which high severity policy failures persist over extended periods of time, and are exacerbated by unused and redundant rules.

FireMon suggests a failure in human management rather than firewall capability. For example, 45% of firewall rules lack an owner or documentation, 17% are redundant or shadowed, and 69% are unused.

While this suggests a route toward better usage of firewalls, it doesn’t discuss or explain the fear that contextually incorrect blocking rules might adversely affect business operations – which lies at the heart of improving application security.

The two reports are, however, slightly at odds. The CSA report suggests the problem is a failure of security tools to provide the solutions really necessary, while the FireMon report suggests the tools exist, but are not being properly managed.


Source: SecurityWeek