A recent article in Forbes discussed prioritizing the risks of the cloud, and specifically called out four areas of risk that need to be addressed by organizations moving to the cloud. The article recognized risks come from:
The last two, network and platform security, are well understood, and have been widely used in on-premises deployments as well as cloud deployments. Most security deployments and spend are around security for network and platforms. Unfortunately, as many organizations are finding out, network and platform security isn’t enough to effectively secure the cloud.
With attacks (especially zero-day attacks) increasing in both number and success, application and workload security are gaining attention and focus. Applications and workloads are the gateways to the data that’s sought after by cyber criminals, and attacks against applications and workloads are increasingly sophisticated, meaning traditional tools around network and platform security are failing to detect these types of attacks.
A WAF Is No Longer Enough Security
For many organizations, a Web Application Firewall (WAF) is fulfilling their application security requirements. But a WAF alone leaves many application security needs unmet. While WAFs have been around in their current form since around 2002, they function as a network perimeter security solution, and they have failed to address many of the issues that applications and workloads face in today’s threat landscape. A WAF sees only the traffic going to and from the application or workload, not what’s happening inside the application or workload itself.
Platform Security has Limited Visibility
The second area where organizations have typically had security is the platform. For platform security, many organizations continue to rely on standard anti-virus/anti-malware or Endpoint Detection and Response (EDR) solutions to protect their servers. Unfortunately, these types of solutions are designed to protect end-user systems, and specifically the operating systems running on those systems, rather than application servers. They aren’t designed to protect against attacks targeted specifically against applications and workloads, and typically don’t understand the transactional languages or operations of the applications and workloads.
Today’s Security Needs to Understand the Applications and Workloads
Application and workload security needs to have visibility into the application itself, along with the ability to understand the transactions happening between the end-user and the application, and between the application and the APIs it is using to access data.
Unlike network and platform security solutions, a Runtime Application Self-Protection (RASP) solution can see what’s happening inside the application, to determine if there’s inappropriate use of the application itself. In addition, RASP is really the first security category to offer self-protection for applications and workloads.
A typical RASP solution has code-level visibility into applications and workloads and can analyze all the activity related to them to accurately identify when an attack occurs, thereby reducing the number of false positives.
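To make the visibility difference concrete, here is an added example (not from the original article, and not K2's or any vendor's implementation) of a check placed at the application's SQL call: it flags a request value once that value spans more than one token of the final query, using no signatures. The names `GuardedCursor` and `structure_violations`, the SQL sink, and the use of substring matching in place of taint tracking are assumptions made for illustration.

```python
import re

# SQL lexer: quoted string | number | word | any other single character.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|\w+|\S")

def token_spans(sql):
    """Return (start, end) offsets of every token in the final query text."""
    return [m.span() for m in _TOKEN.finditer(sql)]

def structure_violations(sql, request_values):
    """Return the request values that occupy more than one token of `sql`.

    Substring search stands in for real taint tracking (an assumption of
    this example). A value that reaches the query must sit inside a single
    literal or identifier; once it crosses a token boundary it is code.
    """
    spans = token_spans(sql)
    bad = []
    for value in request_values:
        start = sql.find(value) if value else -1
        while start != -1:
            end = start + len(value)
            if not any(s <= start and end <= e for s, e in spans):
                bad.append(value)
                break
            start = sql.find(value, start + 1)
    return bad

class GuardedCursor:
    """Hypothetical wrapper around a DB-API cursor: the check runs at the
    sink, where the final query and the request context are both visible."""
    def __init__(self, cursor, request_values):
        self._cursor, self._values = cursor, list(request_values)

    def execute(self, sql, params=()):
        bad = structure_violations(sql, self._values)
        if bad:
            raise PermissionError(f"query structure altered by input: {bad!r}")
        return self._cursor.execute(sql, params)

def demo():
    """Run the check on constructed sample input; returns flagged values."""
    template = "SELECT id FROM users WHERE name = '{}'"
    benign, hostile = "alice", "x' OR '1'='1"  # constructed inputs
    return (structure_violations(template.format(benign), [benign]),
            structure_violations(template.format(hostile), [hostile]))
```

A value passed as a bound parameter never appears in the query text, so the check passes it without inspection; a perimeter device sees the same request bytes in both cases but cannot tell which of them reach the query as code.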
Even the latest revision of NIST SP800-53 includes the addition of RASP (Runtime Application Self-Protection) to the catalog of controls required by the security and privacy framework. The update came in September of 2020 and, by now requiring RASP, it’s a first in recognizing this advancement in application security.
By running on the same server as the application, RASP solutions provide continuous security for the application during runtime. For example, as mentioned earlier, a RASP solution has complete visibility into the application, so a RASP solution, like the one from K2 Cyber Security, can analyze an application’s execution to validate the execution of the code, and can understand the context of the application’s interactions.
K2 Cyber Security’s RASP solution offers significant application protection while at the same time using minimal resources and adding negligible latency to an application.
Here at K2 Cyber Security, we’d like to help out with your RASP and IAST requirements. K2 offers an ideal runtime protection security solution that detects true zero-day attacks, while at the same time generating the fewest false positives and alerts. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.
K2’s technology can also be used with DAST testing tools to provide IAST results during penetration and vulnerability testing. We’ve also recently published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero-day attacks and how deterministic security fills the need for detecting zero-day attacks. The video covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, pattern and signature matching fail to detect true zero-day attacks, giving very specific examples of attacks where these technologies work, and where they fail to detect an attack.
The video also explains why deterministic security works against true zero day attacks and how K2 uses deterministic security. Watch the video now.
Change how you protect your applications: include RASP, and check out K2’s application workload security.