Protect against Log4J without patching
Learn More
Protect against Log4J without patching
Learn More

Uncategorized84% of Companies Have High Risk Vulnerabilities | Application Workload Security


December 10, 2020 Timothy Chiu, VP of Marketing
84% of Companies Have High Risk Vulnerabilities

A recent study from Positive Technologies found that 84% of companies have high risk vulnerabilities that are accessible on the network perimeter.  The results are based on their network perimeter scan of selected corporate information systems, where they scanned 3,514 hosts, including network devices, servers, and workstations.

The research scanned for vulnerabilities at companies including ones from finance, manufacturing, IT retail, government, telecommunications, and advertising.  While the percentage of companies with vulnerabilities is surprisingly high, even more surprising is that almost half (47%) of the vulnerabilities were easily addressed with existing and available patches and updates.

Separately, 58% of companies had hosts with a high risk vulnerability, exploitable with a publicly available toolkit (meaning that they are exploitable by cyber criminals without programming skills).  And while you might think companies did not patch these vulnerabilities because they were new and recently announced updates, the research also found the oldest vulnerability dated back 16 years.  In addition, the scans found software at 42% of companies that had reached end-of-life and were no longer receiving security updates by their manufacturer.

If you’re thinking at this point, the best practice would be for organizations to update their software, you’d be correct.  In fact, most experts recommend this as the fastest and easiest course of action to remove risk from vulnerabilities in production.  Unfortunately while this sounds good in theory, we can see from this report, that it’s a lot harder to implement in practice.

With the increase in cyber attacks and the advanced nature of these threats, including those that attack web applications, organizations may need to re-evaluate their approach to protecting applications that are likely to have vulnerabilities that can be exploited.  While many organizations already have system and network based security, it’s important to remember to have a security framework that offers a defense-in-depth architecture.  Maybe it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020.  The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.

RASP solutions like the one from K2 Cyber Security offer significant application protection, including protection of vulnerable applications, while at the same time using minimal resources and adding negligible latency to an application.  K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution.  By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack.  Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.

K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution.  K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application.  To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.

Change how you protect your applications, and check out K2’s web application and application workload security solution and evaluate K2’s effectiveness at detecting and protecting your organization from attacks.

Find out more about K2 today by requesting a demo, or get your free trial.



Share this

Leave a Reply

Your email address will not be published. Required fields are marked *


K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.


K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131