K2 claims victory over zero-day attacks

K2 says it has a future-proof method of stopping all attacks on unknown and unpatched vulnerabilities in applications.
Written by Tom Foremski, Contributor

Silicon Valley-based K2 Cyber Security has emerged from stealth mode with a technology that prevents zero-day attacks by monitoring app performance in the cloud.

K2 is able to create an execution map for each application and is able to stop it if it is hijacked by malware.


"This hasn't been done before," says Pravin Madhani, CEO and co-founder of K2. "Because it is very difficult to do. We are able to create an execution map for each application in minutes and then monitor it in real-time. There are no false positives." 

Zero-day attacks exploit an unknown weakness in enterprise systems, which makes them very difficult to prevent, and they can generate many false alerts. K2's approach means that any zero-day attack can be stopped because it would generate a signal outside of the app's execution map.

Using an approach known as optimized Control Flow Integrity (CFI), K2 is able to exert operational controls that prevent malware from changing the execution of an app. This also applies to micro-services used in public and private clouds in the enterprise.

Madhani says that this deterministic approach is unique in the industry. K2 has filed for seven patents to protect its IP. 

Traditional approaches to CFI have relied on pinpointing potential malicious actions -- which can be nearly infinite in combination -- making detection hit and miss. They also impose significant overhead on IT performance and can require extra hardware. K2's approach is to focus on monitoring only the execution of the application as it was designed and validating the actions based on its one-time analysis of the app. 

K2 offers two modules: its Prevent module offers real-time detection of zero-day attacks; its Segment module isolates workloads in the cloud and assigns unique cryptographic identities before they are allowed to communicate. This prevents lateral movement of malware in hybrid-cloud IT environments. 

Zero-day attacks and unpatched systems are vulnerabilities that have been exploited many times by hackers. They are difficult to guard against and current cyber security systems rely on spotting the behavior or signatures of the malware, but this generates large numbers of false alerts -- keeping security teams tied up with investigating too many incidents.


K2 claims it has "the first true solution for zero-day attack detection," and that it does not produce any false positives. It prevents attacks in real-time on unpatched software, web apps, and apps running on virtualized machines, containers, or bare metal. 

K2 also claims that its approach is future-proof: "An attacker cannot circumvent detection even with new and enhanced attack techniques."

Madhani says that K2's technology might also find a use in helping developers create highly secure apps by using the execution map to plug any potential problems in software's performance.

K2 was founded in 2017 and raised $6 million in seed funding earlier this year.
