The start of February 2021 brought with it a number of announcements from APM (Application Performance Monitoring) vendors, all relating to RASP (Runtime Application Self-Protection). Three vendors in the APM market (referred to by some as the Observability Platform market) made announcements about either adding RASP or enhancing their RASP offerings as part of their APM offering. In case you’re not familiar with APM, Gartner’s definition of APM is:
Application performance monitoring (APM) is a suite of monitoring software comprising digital experience monitoring (DEM), application discovery, tracing and diagnostics, and purpose-built artificial intelligence for IT operations.
Announcements around RASP came from Cisco AppDynamics, Datadog and Dynatrace.
Cisco AppDynamics Announces Secure Application (RASP)
On February 4, 2021, Cisco’s AppDynamics division announced the addition of “Secure Application: True Runtime Application Self-Protection for the Modern Application” to their AppDynamics APM/Observability platform. It’s the first foray into security for AppDynamics, intended to unify application and security teams.
Datadog Announces Acquisition of Sqreen
On February 11, 2021, Datadog, a SaaS-based provider of monitoring and security for cloud applications, announced the acquisition of Sqreen, a RASP vendor with a security platform that enables enterprises to detect, block and respond to application-level attacks.
Dynatrace Adds to the Capabilities of their RASP Solution
Why RASP is More Important Than Ever
Securing web applications is more difficult than ever, with the increasing number of attacks, especially zero-day exploits, in addition to the number of attacks that are successful. Today’s security tools are proving to be less than effective at combating the latest attacks and detecting vulnerabilities during testing. Many organizations today are using tools like a web application firewall (WAF) to protect web applications from new attacks. WAFs, though, are proving to require more maintenance and to be less effective than they’ve ever been before.
While WAF solutions claim to detect zero-day attacks, the technologies used to detect them tend to include some mix of machine learning, artificial intelligence (AI), heuristics, fuzzy logic, pattern and signature matching. While all of these technologies are able to detect known attacks, they come up short when it comes to protecting against novel, sophisticated, and new zero-day attacks. That’s because all of these technologies need to start with a known prior attack. Take machine learning, for example. Any machine learning expert will tell you that you need good datasets, and lots of them, to train a machine learning algorithm. The datasets used to train machine learning to detect new attacks are, of course, information about prior, known attacks. That translates to machine learning algorithms detecting variations on past attacks, but failing to detect and stop completely unknown, never-before-seen zero-day attacks.
So, how do we find new attacks on applications if we can’t rely on the security technologies being used by most security products today? First, we need to get close to the problem. Security that sits on the perimeter, like a WAF, misses too much of the activity that’s happening directly in the application and on the application server. And that’s where RASP comes into play. As a security technology that resides with the application on the application server, RASP has the visibility that WAFs lack, which is why RASP is gaining interest in the APM vendor community.
NIST Has Added RASP to the Security Framework
The new release of NIST SP 800-53 Revision 5 is another good indication that application security needs a RASP solution. The latest revision of NIST SP 800-53 includes the requirement of RASP (Runtime Application Self-Protection). It’s a first in recognizing RASP as a requirement in application security.
How RASP Has Changed
RASP solutions have been around since 2014 or earlier, so why haven’t they had more success, and why has it taken so long for NIST to recognize their value as part of the application security framework? As with any new technology, RASP had some early teething problems. The first RASP solutions were high impact, using a considerable amount of CPU and memory and adding a not insignificant amount of latency to an application, making it difficult to use them for a mission-critical application.
RASP solutions have improved since their introduction, and some of the latest RASP solutions, like the one from K2 Cyber Security, offer significant application protection while at the same time using minimal resources and adding negligible latency to an application.
Why K2 Cyber Security for RASP
Here at K2 Cyber Security, we’d like to help out with your RASP requirements. K2 offers an ideal runtime protection security solution that detects true zero-day attacks while at the same time generating the fewest false positives and alerts. Unlike other RASP solutions that rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks. Deterministic security uses application execution validation, and verifies that the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has virtually no false alerts.
We’ve also recently published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero-day attacks and how deterministic security fills the need for detecting zero-day attacks. The video covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, pattern and signature matching fail to detect true zero-day attacks, giving very specific examples of attacks where these technologies work and where they fail to detect an attack. The video also explains why deterministic security works against true zero-day attacks and how K2 uses deterministic security. Watch the video now.
Change how you protect your applications: include RASP, and check out K2’s application workload security.