After the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 Security Framework that includes a requirement for Runtime Application Self-Protection (RASP), you may be wondering how you can learn more about RASP and incorporate it into your infrastructure. The new standard was just released on September 23, 2020. It turns out the SANS Institute created a report titled, “Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications“ in April of 2019, and covers a lot of useful information about what RASP is and includes tests showing how effective RASP solutions can be at providing security for web applications. Unfortunately the report pre-dates K2 Cyber Security’s introduction of our K2 Security Platform RASP solution, and we could not be included in the testing.
RASP solutions like the one from K2 Cyber Security offer significant application protection while at the same time using minimal resources and adding negligible latency to an application. K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.
Change how you protect your applications, and check out K2’s web application and application workload security solution.