Google Report Shows Zero Day Exploits On Track to Meet or Top Last Year’s Numbers

Hacker in black hoodie holding laptop with virtual display server data, chart bar, binary code and world map over dark background

ZDNet recently reported on a new Google report from Google’s Project Zero security team, showing that eleven zero-days detected in the wild in the first half of 2020.  That puts 2020 on track to match or top last year’s total number, when Google researchers found 20 zero-day exploits.  This news corresponds with other reports this year showing an increase in zero day attacks.

Google’s report is based on Google’s internal statistics about in-the-wild zero-day usage going as far back as 2014, when the company began tracking zero day stats. Of the 20 zero-days tracked by Google in 2019, eleven of the 20 zero-days impacted Microsoft products. Two companies discovered half of all of 2019’s zero-days (Google discovered 7 and Kaspersky found 4).

With these continued stream of zero day attacks, it’s more important than ever to make sure you’ve got security for your web applications and application workloads.  It’s also important to remember that zero-day attacks are becoming more and more sophisticated.  With the ingenuity found in each new zero day attack, it’s more than likely the next big zero day attack will have no foundation in a past attack (since most security technologies like machine learning and artificial intelligence look at past attacks as a way to predict what a future attack will look like).  To detect the next new zero day attack we need to change the way we approach security.  We need to look at technologies that don’t rely on past attacks, for example, using deterministic security based on the application itself, rather than past attacks.

K2’s runtime deterministic application security platform monitors the application and has a deep understanding of the application’s control flows, DNA and execution.  By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack.  Deterministic security results in the detection of sophisticated zero day attacks.

K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution.  K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application.  To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.

Change how you develop and protect your applications.

Find out more about K2 today by requesting a demo, or get your free trial.



The post Google Report Shows Zero Day Exploits On Track to Meet or Top Last Year’s Numbers appeared first on K2io.

*** This is a Security Bloggers Network syndicated blog from K2io authored by Timothy Chiu, VP of Marketing. Read the original post at: