A new study by Debate Security finds that the efficacy problems in cyber security are more related to economic issues rather than technology issues. It found that companies when evaluating which cyber security software to purchase, didn’t include evaluating efficacy of the solution as a consistent factor in deciding to choose and implement a solution.
90% of participants in the study also reported that cybersecurity technology is not as effective as it should be when it comes to protecting organizations from cyber risk.
This has led to trust in technology to deliver on its promises being low, and the study also found that there was no consistent measurement between organizations to determine efficacy of security technology. And in fact it seems ineffective technology was considered “normal” among study participants.
Most organizations reported that during the security technology purchasing cycle, they typically do not have the resources to conduct and evaluate an assessment of the efficacy of the technology
The results of this study may indicate why organizations have not been successful in stemming the tide against cyber attacks and why a recent study found that only 26% of cyber attacks are detected.
The results of this survey should make organizations re-evaluate how they decide on which security solutions to use, and use efficacy of the solution as a primary driver for purchase rather than economics.
With the increase in cyber attacks and the advanced nature of these threats, including those that attack web applications, organizations may also need to re-evaluate their approach to security. While many organizations may be using system and network based security, it’s important to remember to have a security framework that offers a defense-in-depth architecture. Maybe it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.
RASP solutions like the one from K2 Cyber Security offer significant application protection, including protection of vulnerable applications, while at the same time using minimal resources and adding negligible latency to an application. K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.
Change how you protect your applications, and check out K2’s web application and application workload security solution and evaluate K2’s effectiveness at detecting and protecting your organization from attacks.