
K2 Cyber Security | RSA Conference 2020


March 3, 2020 By Timothy Chiu, VP of Marketing
Post RSA Conference 2020 Thoughts on DevSecOps

There seems to be a consensus amongst industry press and analysts that one of the main themes coming out of this year’s RSA Conference 2020 in San Francisco, California, is DevSecOps, including this one article claiming it was the backbone of the show. In case you are not familiar with the term, DevSecOps refers to the need to focus on security during the development and operations planning part of web applications. In other words, start thinking about security at the beginning of your web application development, rather than waiting to implement security when you are in production.

During the RSA Conference, I had the opportunity to attend a briefing given by ESG (an industry analyst group), and one of their research areas and focus for 2020 is also around DevSecOps. While I agree the earlier you start thinking about and incorporating security into your planning process, the better, I am worried that organizations may consider this a zero-sum game and move budget away from operational security to development security.

With this concern in mind, I asked the analysts at ESG, including Doug Cahill and Jon Oltsik, if they thought the new spotlight on DevSecOps would take away from spend and focus on security spend and development in production environments. Cahill’s immediate response was that it should not, as it is still as relevant as ever, and if anything a focus on DevSecOps should mean an increase in security needs during production.

The real issue here is that no matter how much security you put into the development process, there’s no guarantee you’ll have found all the vulnerabilities in your code, or in the third-party and open-source code you are using in your application. Run-time security is really the only way you can be sure to protect your organization’s assets given the likelihood there is a vulnerability in your application, no matter how much effort you spend in development to reduce the possibility.

That is why it is more important than ever for organizations to have a run-time security solution that validates the application execution and alerts on attacks in real time. If you haven’t looked into K2 Cyber Security’s next generation workload and application protection platform, request a demo today, and let us show you how you can get protection against zero-day attacks with no false positives for your web application and container workloads.


K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in the OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host-based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.

