If you have an application running and exposed to the internet, you’ve probably already made the decision to make sure you have security for that application. Most likely you’ve chosen one the most common security options for application security, the Web Application Firewall (WAF). While the WAF was invented to secure web applications, its history and ability to prevent attacks hasn’t been very successful. WAF technology failed to prevent two recent high profile breaches, the attacks that happened to Equifax and Capital One. K2 has written about these two attacks in separate blog articles, this one on Capital One, and this one on Equifax. While these articles talk about specific attacks where the WAF failed to detect an attack, they don’t discuss a broader issue with using WAF technology to protect applications, the fact that WAFs are a perimeter solution and sit at the network edge, away from where the application runs. WAFs can monitor north-south transactions, but will fail to see anything happening east-west, and directly at the application and server level itself.
With the sophisticated level of today’s attacks, there is a requirement to monitor the application itself as its running, to ensure that every attack is detected. If the WAF allows one attack through the perimeter defenses, it has no idea what that attack is doing to the application once its through. A runtime application security platform can monitor the application continuously and detect attacks including the initial breach, and any subsequent activity that occurs because of the breach. This is especially important if there’s more than one server, and/or more than one application running behind the WAF’s defenses, as any attack can jump from one server to another and from one application to another once it’s past the WAF’s defenses.
Runtime application security is the right answer to security for your application running on the internet. But not just any runtime application security is sufficient. When looking for a runtime application security solution there are some key requirements to keep in mind. First the solution must be effective at detecting new and sophisticated zero day attacks and memory-based attacks which are becoming more prevalent. Solutions that rely on past attacks or knowledge of past attacks, have proven to be less than successful with zero day attacks. Second, the solution must be low impact, meaning it should use as little CPU and memory on the serer as possible, while at the same time adding as little latency as possible to the application. Finally the security solution should also enable fast remediation once an attack is detected. For example, the solution should allow you to quickly identify the vulnerability in your code so you can fix the vulnerability, and the solution should let you identify the source of the attack so it can be blocked in real time.
K2’s Next Generation Application Workload Protection Platform addresses these runtime security needs in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. K2 also provides attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking. Find out more about K2 today by requesting a demo, or get your free trial.