A new article in Help Net Security covers a recent survey of 300 CISOs. In the survey CISOs revealed that nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches. According to the CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were the top concerns when using cloud production environments.
The same study also asked the same CISOs what the security challenges they are facing. The results included: insufficient personal/expertise (66%), integrating disparate security solutions (52%) and lack of solutions that can meet their needs (39%). In fact application security is one area of security where most organizations lack a defined solution. Some organizations believe they have application security covered by using a web application firewall (WAF), and endpoint security on their application server. But neither of these solutions really address the fundamental issues of applications security, protecting the application itself from attacks on vulnerabilities and misconfigurations in the application.
K2’s runtime deterministic application security platform monitors the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.
Change how you develop and protect your applications.