Contrast Security Releases Software Under Siege 2025, Exposing What Traditional Reports Miss About Application-Layer Threats

Business Wire, 6 days ago
PLEASANTON, Calif.--(BUSINESS WIRE)-- Contrast Security, the global leader in Application Detection and Response (ADR), today released Software Under Siege 2025: The Contrast Application Threat Report, exposing the growing crisis at the application layer as adversaries use AI to easily launch previously sophisticated attacks at scale.
Recent reports from Verizon (DBIR 2025) and Google Mandiant (M-Trends 2025) confirm what many security leaders already suspect: components of the application layer are among the most targeted and least protected parts of the modern enterprise. This trend includes hackers' heightened focus on cloud environments, which depend heavily on application-layer services and interfaces, including critical components such as cloud-based single sign-on (SSO) web portals that store centralized authority.
But those reports raised an even bigger question:
What's actually happening inside the applications we build and run every day?
The Software Under Siege 2025 report from Contrast Security provides the missing context, offering a detailed, data-driven view into the vulnerabilities, exploit patterns, and attacker behaviors that SOC and AppSec teams need to understand now. Built on 1.6 trillion runtime observations per day, the report provides a uniquely accurate picture of how applications and APIs are being targeted, and how defenders can regain control.
'We're seeing a fundamental shift in how applications are being attacked,' said Jeff Williams, CTO and Founder of Contrast Security. 'AI is making it easier than ever for adversaries to launch targeted, viable attacks at scale, while traditional tools like WAFs, SAST, and EDR remain blind to what's happening inside the application while it's running. This report exposes that gap with hard data. It shows where the real threats are, how fast they're moving, and why organizations need a new model for defense: one that starts with runtime visibility.'
The report confirms that applications and APIs are the modern battleground of choice for attackers. Key findings include:
  • Why attackers are winning: On average, apps contain 30 serious vulnerabilities. AI-generated code is exacerbating the problem, and third-party libraries are accelerating the risk.
  • Why defenders can't keep up:
      • Applications face an average of 17 new vulnerabilities per month, with developer teams remediating 6 per month, on average.
      • Attackers exploit new vulnerabilities in just 5 days, but it takes 84 days on average to patch even the most critical flaws.
      • Application attacks are more prolific than ever before, with the average application targeted by attackers once every 3 minutes.
      • The average application is exposed to 81 confirmed, viable attacks each month that evade other defenses, primarily driven by untrusted deserialization, method tampering, OGNL injection, and similar attacks, which can vary by industry and technology stack.
      • A small number of attack techniques, harder to execute before AI, account for the lion's share of risk.
  • Why traditional tools fall short: WAFs and EDRs lack the runtime context to detect the growing threats. Many SOCs are flying blind.
  • The new 'best practice': A small number of attack techniques account for the majority of risk. Focusing on what's exploitable now enables teams to regain control.
To manage the growing risks, security teams are increasingly evolving their strategies to address the visibility gap at the application layer. That includes moving beyond traditional reactive defenses and adopting runtime protection models that can detect and stop attacks from within running applications.
The report also highlights how shared telemetry across SecOps, AppSec, and development teams helps organizations focus on the threats and vulnerabilities that pose the greatest real-world risk. This unified, contextual approach enables faster response, more targeted remediation, and reduced alert fatigue across security workflows.
Organizations adopting these practices are better positioned to improve their resilience against the rising tide of AI-assisted application-layer threats.
To download the full report, visit https://www.contrastsecurity.com/software-under-siege-2025-report.
Methodology
The report combines proprietary data from the Contrast Runtime Security Platform with additional data from trusted third parties to help security leaders understand the scope and nature of application-layer threats.
Contrast's data is collected from real-world running applications and application programming interfaces (APIs), using a lightweight sensor that allows full visibility into the complete runtime context. This 'inside-out' approach provides continuous visibility into how applications behave and are targeted in real-world production environments.
About Contrast Security
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application-layer risks that traditional solutions miss. Contrast's powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.