
Proving Zero Day Detection Capabilities

Screenshot of K2’s Detection of Apache Druid Zero Day Exploit

In today’s world of increasingly frequent, and increasingly successful, zero day attacks, the ability to detect and protect applications and workloads from zero day attacks is more important than ever. Many security vendors claim they are able to detect zero day attacks and protect your applications from them.

Proving Zero Day Detection is Difficult

Verifying those claims, though, is difficult, and hard for a typical security organization to do when testing a security product to decide whether to adopt it.

Security vendors like ourselves find it even harder when we’re trying to convince a new customer that our approach is different, unique, and can truly detect a zero day attack.

Juniper Reported a New Zero Day in Apache Druid

That’s why K2’s engineering team took it up as a challenge this month when Juniper’s threat research team reported a new zero day vulnerability in Apache Druid, CVE-2021-25646, which allows remote code execution on the Apache server through a JavaScript vulnerability.

K2 Security Platform Detects the Zero Day Attack

Since Juniper’s threat research team was able to provide detailed information on the vulnerability, including how to exploit it, K2’s engineering team started up an Apache server running the Druid code and protected it with K2 Security Platform, our runtime application security solution. The team then launched a remote code injection attack using the exploit information from Juniper. The K2 agent running on the application server detected the remote code injection attack and protected the application server against it; in the process it correctly identified the attack as remote code injection and provided the full attack details, including where to find the vulnerability in the Druid code. The whole exercise gave us a great example and proof point of K2’s ability to detect truly new zero day attacks.

Today’s Security Needs to Understand the Applications and Workloads

Application and workload security needs to have visibility into the application itself, along with the ability to understand the transactions happening between the end-user and the application and the application with the APIs it is using to access data.

Unlike network and platform security solutions, K2’s Runtime Application Self-Protection (RASP) solution can see what’s happening inside the application, to determine if there’s inappropriate use of the application itself. In addition, K2’s RASP offers self protection for applications and workloads.

The K2 Security Platform has code level visibility into applications and workloads and can analyze all the activity related to them to accurately identify when an attack occurs, thereby reducing the number of false positives.

NIST adds RASP to the Security Framework

Even the latest revision of NIST SP 800-53 adds RASP (Runtime Application Self-Protection) to the catalog of controls required by the security and privacy framework. The update came in September of 2020, and it is the first time the framework has recognized this advancement in application security by requiring RASP.

By running on the same server as the application, K2 Security Platform provides continuous security for the application during runtime. For example, as mentioned earlier, our RASP solution has complete visibility into the application, so K2 can analyze an application’s execution to validate the execution of the code, and can understand the context of the application’s interactions.

K2 Cyber Security’s RASP solution offers significant application protection while at the same time using minimal resources and adding negligible latency to an application.

How K2 Can Help Improve Application Security

Here at K2 Cyber Security, we’d like to help out with your RASP and IAST requirements. K2 offers an ideal runtime protection security solution that detects true zero-day attacks while generating the fewest false positives and alerts. Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies that API calls are functioning the way the code intended. It makes no use of prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has no false alerts.

K2’s technology can also be used with DAST testing tools to provide IAST results during penetration and vulnerability testing. We’ve also recently published a video, The Need for Deterministic Security. The video explains why the technologies used in today’s security tools, including web application firewalls (WAFs), fail to prevent zero day attacks and how deterministic security fills the need for detecting them. It covers why technologies like artificial intelligence, machine learning, heuristics, fuzzy logic, and pattern and signature matching fail to detect true zero day attacks, giving very specific examples of attacks where these technologies work and where they fail to detect an attack.

The video also explains why deterministic security works against true zero day attacks and how K2 uses deterministic security.  Watch the video now.

Change how you protect your applications: include RASP, and check out K2’s application workload security.

Find out more about K2 today by requesting a demo of our zero day attack detection, or get your free trial.


*** This is a Security Bloggers Network syndicated blog from K2io authored by Timothy Chiu, VP of Marketing. Read the original post at: https://www.k2io.com/proving-zero-day-detection-capabilities/