UncategorizedDetails on New NIST Requirement for RASP and IAST | K2 Security

Blog

January 18, 2021 Timothy Chiu, VP of Marketing
Details on the New NIST Requirement for RASP and IAST

If you’re looking for more information on the latest update to the NIST (National Institute of Standards and Technologies) Security and Privacy Framework outlined in SP800-53, there’s a new article just published in the Cutter Business Technology Journal detailing the changes, the timing and an explanation of the new technologies (RASP and IAST) added to the framework.

The article covers the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020.  The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework, in addition to Interactive Application Security Testing (IAST) during pre-production QA testing.  The new article also gives definitions of RASP and IAST.

While the article is gated and requires you to fill out a form, there is no charge to read the article after completing the form.


RASP solutions like the one from K2 Cyber Security offer significant application protection, including protection of vulnerable applications, while at the same time using minimal resources and adding negligible latency to an application.  K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution.  By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack.  Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.

K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution.  K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application.  To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.

Change how you protect your applications, and check out K2’s web application and application workload security solution and evaluate K2’s effectiveness at detecting and protecting your organization from attacks.

Find out more about K2 today by requesting a demo, or get your free trial.


 

 

Share this

Leave a Reply

Your email address will not be published. Required fields are marked *

K2 CYBER SECURITY

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks including OWASP Top 10 and memory-based attacks, and provides additional vulnerability detection. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production servers to identify the location of the vulnerable code in real-time. K2’s solution generates almost no false alerts, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools including Web Application Firewalls, and dramatically reduces security cost. K2 Cyber Security is located in the USA, and provides cyber security solutions globally.

CONTACT INFO

K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131