UncategorizedK2 Cyber Security | Zero Day Attack

March 23, 2020by admin0

Blog

March 23, 2020 By Timothy Chiu, VP of Marketing
Zero Day Attacks Are On The Rise

A new Ponemon study on the State of Endpoint Security Risk was released in January of 2020, the third annual report they have produced on this topic.  One of the key findings of the report is that completely new or zero-day attacks have been increasing and are expected to double in the next year.

The latest estimate is that around 42 percent of all attacks next year will be zero-day attacks, while the number of attacks based on known methodologies will decrease from 77 percent down to 58 percent in the coming year. The increase in zero-day attacks is a cause for significant concern. Almost 80 percent of successful breaches happen because of  attacks that either involve the exploitation of undisclosed vulnerabilities in applications or the use of new/polymorphic malware variants that signature-based detection solutions do not recognize.

Even novel approaches in security technologies like heuristicsfuzzy logicmachine learning and artificial intelligence (AI) have a difficult time detecting zero-day attacks because they still rely on past and known attacks as a starting point, and look for close variants to those attacks.  A true zero-day attack is successful because it has no ties to past exploits.

Organizations are lacking a good runtime solution for their applications, and are relying on standard anti-virus or Endpoint Detection and Response (EDR) solutions to protect their servers.  Another research point from the Ponemon report should be a cause for concern for these organizations is that standard anti-virus products missed an average of 60 percent of attacks.  In addition, respondents to Ponemon’s survey indicated that traditional anti-virus products had high numbers of false positives and false alerts and were a challenge to manage in their environments. The failure of anti-virus and EDR solutions to protect against advanced zero-day attacks, should highlight the need for an effective runtime protection.

An ideal runtime protection security solution should be able to detect zero-day attacks, while at the same time generate no false positives and alerts.  At K2 Cyber Security, that’s the main benefit of our K2 Platform for Application Security.  Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect zero-day attacks.  Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended.  There is no use of any prior knowledge about the attack or the underlying vulnerability, which gives our approach the true ability to detect zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.

If you’re looking for an application security solution that meets today’s needs for security, with true zero-day attack detection and no false alerts, you can request a demo or follow up from our sales team.

Share this

Leave a Reply

Your email address will not be published. Required fields are marked *

K2 CYBER SECURITY

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks including OWASP Top 10 and memory-based attacks, and provides additional vulnerability detection. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production servers to identify the location of the vulnerable code in real-time. K2’s solution generates no false alerts, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools including Web Application Firewalls, and dramatically reduces security cost. K2 Cyber Security is located in the USA, and provides cyber security solutions globally.

CONTACT INFO

K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131