Today's security fails to detect new zero day attacks


November 19, 2020 Timothy Chiu, VP of Marketing
Why Do Zero Day Security Technologies Fail to Protect Against Zero Day Attacks?

Back in March of 2020, we wrote about a new Ponemon study on the State of Endpoint Security Risk, which reported that completely new or zero-day attacks have been increasing and are expected to double in the next year. The latest estimate is that around 42 percent of all attacks next year will be zero-day attacks, while the number of attacks based on known methodologies will decrease from 77 percent down to 58 percent in the coming year. The increase in zero-day attacks should be a cause for significant concern. Almost 80 percent of successful breaches happen because of attacks that either involve the exploitation of undisclosed vulnerabilities in applications or the use of new/polymorphic malware variants that signature-based detection solutions do not recognize.

And these attacks continue to succeed even with all the security measures that organizations have put in place. Even novel approaches in security technologies like heuristics, fuzzy logic, machine learning and artificial intelligence (AI) have a difficult time detecting zero-day attacks, because they still rely on past and known attacks as the starting point for building their detection methods; in effect, these technologies are looking for variants of known and past attacks. A true zero-day attack is successful because it is completely new and has no ties or basis in past exploits.

If you look at how most organizations handle application security today, we know that most lack a good runtime solution for their applications and rely on standard anti-virus or Endpoint Detection and Response (EDR) solutions, which are designed for end-user systems, to protect their servers. Another research point from the Ponemon report that should be a cause for concern for these organizations is that standard anti-virus products missed an average of 60 percent of attacks. In addition, respondents to Ponemon’s survey indicated that traditional anti-virus products had high numbers of false positives and false alerts and were a challenge to manage in their environments. The failure of anti-virus and EDR solutions to protect against advanced zero-day attacks should highlight the need for effective runtime protection.

An ideal runtime protection security solution should be able to detect zero-day attacks while generating no false positives or false alerts. At K2 Cyber Security, that’s the main benefit of our K2 Platform for Application Security. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect zero-day attacks. Deterministic security uses application execution validation and verifies that API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.

Here at K2 we’ve published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero-day attacks and how deterministic security fills the need for detecting them. It covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, and pattern and signature matching fail to detect true zero-day attacks, giving very specific examples of attacks where these technologies work and where they fail to detect an attack.

The video also explains why deterministic security works against zero-day attacks, how K2 uses deterministic security, and why it’s required to combat today’s zero-day attacks. Watch the video now.

Change how you protect your applications and check out K2’s application workload security.

Find out more about K2 today by requesting a demo, or get your free trial.
