Security Startup Boldly Claims ‘No False Positives’
Startup K2 Cyber Security says the cloud workload security platform it unveiled today offers real-time attack detection with no false positives, regardless of an application’s patch status.
Additionally, its identity-based segmentation with cryptography prevents the lateral movement of threats, Pravin Madhani, CEO and co-founder of K2 Cyber Security, told Security Boulevard.
“Rather than trying to figure out the behavior of how the attacker came in and what the attacker is trying to do, our solution is deterministic,” he said. “Nobody else is doing this in the industry—it is definitely a brand-new approach.”
In addition to providing protection for applications running on on-premises servers, the platform is especially geared for cloud applications, including, of course, Kubernetes and microservices for cloud native deployments, Madhani said.
“As organizations move to the cloud, workloads and application infrastructure become critical attack surfaces for CISOs to contend with,” he said. “Our deterministic approach substantially lowers the cost of defense—no more false alarms or days spent on forensic analysis.”
With Kubernetes and the cloud, for example, a direct attack on an application consists of lateral movement as the attacker moves “to get to the real application,” Madhani said. “Previously, when protecting against these lateral movements, machines were static and on-premise with static IP addresses on LAN networks. Now, IP addresses are changing on the cloud, so dynamically segmenting the application has been a challenge, but our cryptographic process solves the problem by identifying each workload and segmenting it.”
K2’s platform, which has attracted $6 million in recent seed funding for the startup from GreatPoint Ventures and Embark Ventures, consists of two principal technologies. Its Optimized Control Flow Integrity (CFI) was developed to ensure an application executes only as designed, enabling what K2 says is “an industry first”: real-time attack detection with no false positives. As described above, the platform also prevents lateral movement of threats through its identity-based micro-segmentation capabilities, according to the company.
K2 Segment enforces the isolation of workloads, secures data in motion and prevents lateral movement of threats in hybrid cloud environments, the company said. It does this by assigning cryptographic identities to workloads that authenticate each other before permitting communication. Firewall and segmentation policies that govern workload connectivity are applied based on these identities instead of their static IP addresses. This enables bi-directional enforcement of security policies and correct isolation without the latency and subsequent inaccuracies that occur with monitoring-based approaches to application-level segmentation.
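The general idea of identity-based segmentation can be illustrated with a short sketch. This is an added example, not K2's code or a description of its implementation: it assumes Ed25519 signatures, a hypothetical issuer that enrolls workloads, and constructed workload names and IP addresses, and it runs both peers in one process. It contrasts a policy keyed on authenticated identity with one keyed on IP address.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed issuer key; stands in for whatever authority enrolls workloads.
var issuerPub, issuerPriv, _ = ed25519.GenerateKey(rand.Reader)

// Workload: name, current IP, key pair, issuer signature over name||pubkey.
type Workload struct {
	Name, IP string
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
	Cert     []byte
}

func Enroll(name, ip string) *Workload {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cert := ed25519.Sign(issuerPriv, append([]byte(name), pub...))
	return &Workload{Name: name, IP: ip, Pub: pub, priv: priv, Cert: cert}
}

// authenticate checks the issuer signature, then a fresh challenge-response.
func authenticate(peer *Workload) bool {
	if !ed25519.Verify(issuerPub, append([]byte(peer.Name), peer.Pub...), peer.Cert) {
		return false
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	return ed25519.Verify(peer.Pub, nonce, ed25519.Sign(peer.priv, nonce)) // peer signs
}

// Policies keyed on (client, server): one by identity, one by IP address.
var idPolicy = map[[2]string]bool{{"web", "api"}: true}
var ipPolicy = map[[2]string]bool{{"10.0.0.5", "10.0.0.9"}: true}

// Connect requires both sides to authenticate before the identity rule applies.
func Connect(c, s *Workload) bool {
	return authenticate(c) && authenticate(s) && idPolicy[[2]string{c.Name, s.Name}]
}
// ConnectByIP is the static-address rule, shown for comparison.
func ConnectByIP(c, s *Workload) bool { return ipPolicy[[2]string{c.IP, s.IP}] }

func main() {
	web, api := Enroll("web", "10.0.0.5"), Enroll("api", "10.0.0.9")
	fmt.Println(Connect(web, api), ConnectByIP(web, api))
}
```

When a workload is rescheduled to a new address and another workload inherits the old one, the IP rule blocks the legitimate peer and admits the newcomer, while the identity rule follows the workload.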
Among those briefed about the technology, Eric Grosse, former vice president, security and privacy engineering at Google and K2’s technical advisor, said K2’s CFI enforcement to detect and prevent attacks is a key selling point. “K2’s approach introduces a much-needed deterministic method for stopping zero-day exploits and protecting applications,” Grosse said.
David Wells, head of technology for ID90 Travel, said his company was skeptical of K2’s “no false positives” claim “until we experienced it firsthand.”
“K2 fundamentally improved our defensive posture in our public cloud environment,” Wells said. “Its solution is super-easy to deploy and manage, provides great visibility into our workloads and, best of all, we no longer waste precious time chasing false alarms.”
According to a recent report by Forrester Research, organizations are faced with managing the security of increasingly complex cloud environments, while also continuing to secure their on-premises server infrastructures. Legacy security systems are often inadequate, especially for the cloud, which helps to explain why by 2022, 60 percent of server workloads will use application control in lieu of antivirus, representing an increase from 30 percent at the end of 2017, according to Forrester.
The K2 solution was geared to meet the security challenge Forrester described by offering organizations a platform that extends to both advanced cloud and legacy on-premises deployments.
“When we put a host on your node, you have complete visibility of the applications that are running on the cloud and on-premises,” Madhani said.