Back in March of 2020, we wrote about a new Ponemon study on the State of Endpoint Security Risk that reported that completely new or zero-day attacks have been increasing and are expected to double in the next year. The latest estimate is that around 42 percent of all attacks next year will be zero-day attacks, while the number of attacks based on known methodologies will decrease from 77 percent down to 58 percent in the coming year. The increase in zero-day attacks should be a cause for significant concern. Almost 80 percent of successful breaches happen because of attacks that either involve the exploitation of undisclosed vulnerabilities in applications or the use of new/polymorphic malware variants that signature-based detection solutions do not recognize.
And these attacks continue to succeed despite all the security measures organizations have put in place. Even newer security technologies such as heuristics, fuzzy logic, machine learning and artificial intelligence (AI) have a difficult time detecting zero-day attacks, because they still rely on past and known attacks as the starting point for building their detection methods; in practice, these technologies are looking for variants of known and past attacks. A true zero-day attack succeeds precisely because it is completely new and has no ties to or basis in past exploits.
If you look at how most organizations handle application security today, most lack a good runtime solution for their applications and are relying on standard anti-virus or Endpoint Detection and Response (EDR) solutions (solutions designed for end-user systems) to protect their servers. Another finding from the Ponemon report that should concern these organizations is that standard anti-virus products missed an average of 60 percent of attacks. In addition, respondents to Ponemon’s survey indicated that traditional anti-virus products produced high numbers of false positives and false alerts and were a challenge to manage in their environments. The failure of anti-virus and EDR solutions to protect against advanced zero-day attacks should highlight the need for effective runtime protection.
An ideal runtime protection security solution should be able to detect zero-day attacks while generating no false positives or false alerts. At K2 Cyber Security, that’s the main benefit of our K2 Platform for Application Security. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect zero-day attacks. Deterministic security uses application execution validation, and verifies that API calls function the way the code intended. No prior knowledge about an attack or the underlying vulnerability is used, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.
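To make the contrast between the two approaches concrete, here is a small added illustration (not K2’s code, and not a description of how the K2 Platform is implemented). It places a signature detector, which can only recognize payloads it has already catalogued, next to a deterministic check that compares each API call a request handler attempts against a profile of the calls the handler’s code is written to make. The handler, its constructed flaw (joining user input into a file path), the call profile, the signature list and the sample requests are all constructed for this example. The point it shows is that the behavioural check needs no knowledge of the payload: an encoded traversal absent from the signature list is still stopped, because the resulting file read falls outside what the code was meant to do.

```python
import posixpath
from dataclasses import dataclass, field
from urllib.parse import unquote

# --- Signature-based detection: needs prior knowledge of each attack --------
# Constructed "known bad" list; anything not seen before is absent by definition.
KNOWN_ATTACK_SIGNATURES = (b"../../", b"<script>", b"' OR 1=1")


def signature_detector(request: bytes) -> bool:
    """True when the raw request contains a previously catalogued attack pattern."""
    return any(sig in request for sig in KNOWN_ATTACK_SIGNATURES)


# --- Deterministic validation: needs only what the code is written to do -----
# Expected call profile for the (constructed) report handler, derived from its
# source: it may read files inside REPORTS_DIR and render one template, nothing else.
REPORTS_DIR = "/var/app/reports"


def _path_inside_reports(path: str) -> bool:
    # Normalise first so ".." segments cannot carry the path out of the directory.
    return posixpath.normpath(path).startswith(REPORTS_DIR + "/")


EXPECTED_PROFILE = {
    "read_file": _path_inside_reports,
    "render_template": lambda name: name == "report.html",
}


@dataclass
class CallMonitor:
    """Records every API call the handler attempts and compares it with the profile."""

    violations: list = field(default_factory=list)

    def check(self, api: str, arg: str) -> bool:
        allowed = api in EXPECTED_PROFILE and EXPECTED_PROFILE[api](arg)
        if not allowed:
            self.violations.append((api, arg))
        return allowed


def handle_report_request(monitor: CallMonitor, name: str) -> str:
    """Constructed handler with a deliberate flaw: user input is joined into a path."""
    target = posixpath.join(REPORTS_DIR, unquote(name))
    if not monitor.check("read_file", target):
        return "blocked"  # the monitor stops the call before it is made
    if not monitor.check("render_template", "report.html"):
        return "blocked"
    return "ok"


def evaluate(request: bytes) -> dict:
    """Run both detectors over one request and report what each one saw."""
    monitor = CallMonitor()
    outcome = handle_report_request(monitor, request.decode())
    return {
        "signature_hit": signature_detector(request),
        "behaviour_violation": bool(monitor.violations),
        "outcome": outcome,
    }


if __name__ == "__main__":
    # Constructed sample requests: benign, catalogued traversal, encoded variant.
    for req in (b"q3.pdf", b"../../etc/passwd", b"..%2f..%2fetc/passwd"):
        print(req, evaluate(req))
```

Running it shows the benign request passing both checks, the catalogued traversal caught by both, and the encoded variant missed by the signature list but blocked by the call profile. In the toy, the profile is a hand-written allowlist; the deterministic idea is that the profile is derived from the application’s own code rather than from a history of attacks.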
Here at K2 we’ve published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero-day attacks and how deterministic security fills the need for detecting zero-day attacks. The video covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, and pattern and signature matching fail to detect true zero-day attacks, giving very specific examples of attacks where these technologies work and where they fail to detect an attack.
The video also explains why deterministic security works against zero-day attacks, how K2 uses deterministic security and why it’s required to combat today’s zero-day attacks. Watch the video now.
Change how you protect your applications and check out K2’s application workload security.