A study this year by FireEye has found that more attackers used zero day exploits in their cyber attacks in 2019 than in any of the previous three years. Included in the report is the troubling discovery that the types of cyber criminals using zero day exploits have expanded to a wider group of attackers due to the availability of hacking tools on the market.
The report expects the use of zero day exploits to continue to increase over the coming years, and that these exploits will be used by more and more diverse groups of attackers.
What does this mean for the typical enterprise? We know that applications are still making it to production with significant numbers of vulnerabilities. These vulnerabilities still include those referenced in the OWASP Top 10 web application risks. So the types of exploits aren’t new, yet organizations are still not finding these vulnerabilities in their testing during the development cycle.
It’s more important than ever to protect web applications during production, given the likelihood they have exploitable vulnerabilities. The National Institute of Standards and Technology (NIST) has recently recognized this need, adding the requirement of RASP (Runtime Application Self-Protection) to the latest draft revision of the Application Security Framework, SP800-53.
If you’re not looking at RASP yet, maybe it’s time to start investigating the technology to see how it can help protect your applications that are running in production. RASP offers runtime protection from the OWASP Top 10 risks, and detects zero day attacks.
K2 Cyber Security provides deterministic runtime application security that detects zero day attacks, along with well-known attacks. K2 issues alerts based on severity and includes actionable alerts that provide complete visibility into the attacks and the vulnerabilities that the attacks are targeting, including the location of the vulnerability within the application, with details like the file name and line of code where the vulnerability exists.
K2 can also help reduce vulnerabilities in production by assisting in pre-production testing and addressing issues around the lack of remediation guidance and the poor quality of security penetration testing results. K2 Cyber Security Platform is a great addition for adding visibility into the threats discovered by penetration and security testing tools in pre-production and can also find additional vulnerabilities during testing that testing tools may have missed. K2 can pinpoint the exact location of the discovered vulnerability in the code. When a vulnerability is discovered (for example, SQL Injection, XSS or Remote Code Injection), K2 can disclose the exact file name along with the line of code that contains the vulnerability, details that testing tools typically are unable to provide, enabling developers to start the remediation process quickly.
Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, K2 uses a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has minimal false alerts.
Get more out of your application security testing, change how you protect your applications, and check out K2’s application workload security solution.
*** This is a Security Bloggers Network syndicated blog from K2io authored by Timothy Chiu, VP of Marketing. Read the original post at: https://www.k2io.com/more-attackers-using-zero-day-exploits/