Optimized Control Flow Integrity

Zero-day attack prevention for application software, web applications, or container workloads

High Precision and Performance

K2’s attack prevention platform is based on a new innovation in runtime application execution state validation and control flow integrity (CFI). CFI is a technological approach that has only been feasible with select hardware and OS implementations, which require expensive re-compiles of applications and hardware upgrades. In software, CFI has had onerous operational trade-offs such as the need for instrumentation, heavy infrastructure or high additional CPU overhead requirements that has make it infeasible for most enterprise IT environments. K2 introduces the first fully operationalized software-based CFI solution that analyzes threats with minimal additional infrastructure and performance impact. The promise of determinism and CFI is finally here.

How K2 Prevention Works

Agents are deployed on physical or virtual servers and VMs via an installer and as Kubernetes minion nodes as pods. The K2 agent automatically identifies applications and protect them from attacks.

K2 automatically builds an execution reference for each application or workload to be secured. The K2 agent uses it to validate the runtime state of the application for preventing attacks.

Execution of application is deterministically validated against the Execution Map to allow only legitimate instructions to execute via validated control flow channels

Inconsistency in execution of an application due to an attack will generate a security alert in real-time and can be viewed in user’s own GUI or in SIEM solution

Continuous Runtime Monitoring and Protection

Efficient and Effective

K2’s patent-pending optimizations enable CFI entirely in software with minimal CPU performance impact on computing nodes to detect attack in real time

Web Application Security

The K2 platform protects web applications written in Java and other languages from OWASP Top Ten type attacks such as SQL injection and remote code execution

Securing Unpatched Software

Unpatched software or vulnerability-laden applications are “virtually” patched by the K2 platform, which prevents attacks from either known and unknown vulnerabilities

No Code Modification

K2 does not require source code or a priori instrumentation of the application to secure it against the attacks

Integrated Platform

K2 provides an integrated platform to protect applications against exploit and segment them. The deployment of K2’s agent is simple and is achieved via an installer.

SaaS Administrative Portal

K2’s SaaS portal simplifies management and monitoring. Simply log in and monitor the application policies, topology, scan details and daily reports.

Read about “How Optimized Control Flow Integrity Revolutionizes Data Center Security?”

Download Whitepaper