A new Ponemon study on the State of Endpoint Security Risk was released in January of 2020, the third annual report they have produced on this topic. One of the key findings of the report is that completely new or zero-day attacks have been increasing and are expected to double in the next year.
The latest estimate is that around 42 percent of all attacks next year will be zero-day attacks, while the number of attacks based on known methodologies will decrease from 77 percent down to 58 percent in the coming year. The increase in zero-day attacks is a cause for significant concern. Almost 80 percent of successful breaches happen because of attacks that either involve the exploitation of undisclosed vulnerabilities in applications or the use of new/polymorphic malware variants that signature-based detection solutions do not recognize.
Even novel approaches in security technologies like heuristics, fuzzy logic, machine learning and artificial intelligence (AI) have a difficult time detecting zero-day attacks because they still rely on past and known attacks as a starting point, and look for close variants to those attacks. A true zero-day attack is successful because it has no ties to past exploits.
Organizations are lacking a good runtime solution for their applications, and are relying on standard anti-virus or Endpoint Detection and Response (EDR) solutions to protect their servers. Another finding from the Ponemon report that should be a cause for concern for these organizations is that standard anti-virus products missed an average of 60 percent of attacks. In addition, respondents to Ponemon’s survey indicated that traditional anti-virus products had high numbers of false positives and false alerts and were a challenge to manage in their environments. The failure of anti-virus and EDR solutions to protect against advanced zero-day attacks should highlight the need for effective runtime protection.
An ideal runtime protection security solution should be able to detect zero-day attacks while generating no false positives or false alerts. At K2 Cyber Security, that’s the main benefit of our K2 Platform for Application Security. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect zero-day attacks. Deterministic security uses application execution validation, and verifies that the API calls are functioning the way the code intended. There is no use of any prior knowledge about the attack or the underlying vulnerability, which gives our approach the true ability to detect zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.
If you’re looking for an application security solution that meets today’s needs for security, with true zero-day attack detection and no false alerts, you can request a demo or a follow-up from our sales team.