Protect against Log4J without patching
Learn More
Protect against Log4J without patching
Learn More

UncategorizedRuntime Application Self Protection | K2 Cyber Security


April 20, 2020 By Timothy Chiu, VP of Marketing
NIST Recognizes RASP as Critical to Lowering Risk

The National Institute of Standards and Technology (NIST) has issued their newest version of their framework (NIST SP 800-53 Revision 5 Draft) that includes new standards that apply directly to application security.  Section SI-7(17) (p.339) outlines Runtime Application Self-Protection (RASP) as a control to mitigate risk due to software security vulnerabilities.

NIST now recognizes that automated application security is critical due to the vulnerabilities found in software.  With the US-CERT vulnerability database registering the highest number of vulnerabilities found in software code in 2019, and with 2020 on track to beat that number, RASP is more important than ever.

RASP has gotten a bad rap in the past for adding latency, being CPU heavy, and using up memory on the application server.  K2’s next generation application workload security platform addresses all of those issues with a security agent that adds less than a millisecond of latency, while remaining lightweight, using a minimal amount of CPU and memory on the server.

K2’s runtime deterministic application security platform offers a RASP that monitors the application and has a deep understanding of the application’s control flows, DNA and execution.  By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack.  Deterministic security results in the detection of sophisticated zero day attacks..

K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution.  K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application.  To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.

Change how you protect your applications.  It’s time to checkout RASP for your applications.

Find out more about K2 today by requesting a demo, or get your free trial.



Share this

Leave a Reply

Your email address will not be published. Required fields are marked *


K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.


K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131