With tight competition in the anti-malware market, it is very difficult for any startup to compete against decades-old giants like Norton, McAfee, Sophos, Kaspersky, etc. But it seems that K2 Cyber Security, a new kid on the block, has something special to offer consumers when it comes to cloud computing security. The Silicon Valley startup has made a splash with its development of a monitoring platform for cloud applications that prevents malware from being injected into them.
“This hasn’t been done before, because it is very difficult to do. We are able to create an execution map for each application in minutes and then monitor it in real-time. There are no false positives,” explained Pravin Madhani, K2 Cyber Security’s Chief Executive Officer.
Control Flow Integrity (CFI) technology gives system managers granular control over the execution of the app: the app itself is never modified for the entire duration of its execution. This creates a secure platform for the app to run on without compromise for the user, from both a security and a performance standpoint.
With this technology, even apps with known zero-day vulnerabilities cannot be taken advantage of by cybercriminals. A zero-day exploit requires the app to perform an action beyond what is expected, and hence requires the cooperation of its container in order to succeed.
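The CFI idea described above in its simplest form, as an added illustration (not K2's code): a per-call-site allowlist of legitimate targets stands in for the "execution map", and every indirect call is checked against it, so a handler pointer that has been redirected to a function outside the map is refused instead of executed. The handler names, the `struct request` layout and the hand-written allowlist are all constructed for this demo.

```c
#include <stdio.h>
#include <stddef.h>
typedef int (*op_fn)(int, int);
/* Handlers the application legitimately reaches through an indirect call. */
static int handler_add(int a, int b) { return a + b; }
static int handler_mul(int a, int b) { return a * b; }
/* Present in the binary, but never a legitimate target of this call site. */
static int sensitive_op(int a, int b) { (void)a; (void)b; return 999; }
/* The "execution map" for the dispatch site below: every address the
 * indirect call is allowed to reach. A real CFI scheme derives this from
 * the program's control-flow graph; here it is written out by hand. */
static const op_fn allowed_targets[] = { handler_add, handler_mul };
/* Coarse-grained CFI check: is the pending transfer inside the map? */
static int cfi_check(op_fn target) {
    size_t n = sizeof allowed_targets / sizeof allowed_targets[0];
    for (size_t i = 0; i < n; i++)
        if (allowed_targets[i] == target) return 1;
    return 0;
}
/* Indirect call guarded by the CFI check. Returns 0 and stores the result,
 * or -1 when the transfer is refused (the "intervene" step from the text). */
int checked_dispatch(op_fn target, int a, int b, int *result) {
    if (!cfi_check(target)) return -1;
    *result = target(a, b);
    return 0;
}
struct request { int a, b; op_fn handler; };
/* Normal path: the handler pointer still points into the execution map. */
int legit_request_result(void) {
    struct request req = { 2, 3, handler_add };
    int out = 0;
    return checked_dispatch(req.handler, req.a, req.b, &out) == 0 ? out : -1;
}
/* Hijacked path: models a handler pointer that memory corruption has
 * redirected outside the map. Returns 1 if the transfer was blocked. */
int hijacked_request_blocked(void) {
    struct request req = { 2, 3, handler_add };
    int out = 0;
    req.handler = sensitive_op;  /* corrupted pointer (constructed for the demo) */
    return checked_dispatch(req.handler, req.a, req.b, &out) == -1 && out == 0;
}
int main(void) {
    printf("legit result: %d, hijacked call blocked: %d\n",
           legit_request_result(), hijacked_request_blocked());
    return 0;
}
```

Production CFI (e.g. compiler-instrumented schemes) builds the target sets automatically and checks returns as well as forward edges; the point here is only that a transfer outside the map is stopped before it runs.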
“Most of the security solutions out there are either behavior-based, machine learning or AI-related, but what we accomplished is a completely new vector of how to stop an attacker from exploiting your vulnerabilities, and this is where optimized control flow integrity comes into play. Sooner or later, an attacker is going to take over the process execution, and when the execution attempt occurs we intervene,” emphasized Madhani.
Prior to this breakthrough, malware was detected through signatures, which antivirus vendors extract from a live copy of the virus itself. This is usually done through honeypots: specially built computers deliberately exposed to infection by wild malware. This old method is not always effective nowadays, as many virus authors create polymorphic versions of their creations. Polymorphic malware changes its signature with every infection, which means that an antimalware scan engine based on signatures may not be able to detect it. Another classic method of detecting malware is real-time behavioral analysis and tagging, also known as heuristic scanning. The drawback of heuristics is its tendency to produce false positives: detecting malware where none exists on the system.
“We provide an identity to each workload and have IPsec underneath, so we don’t use any network overlays. What we are doing is deploying as a sidecar proxy and we are getting K2 to every container rather than deploying with a service mesh. Istio is good for authentication, but we also do segmentation, which you cannot do with Istio,” added Madhani.
With this development, the rest of the antivirus industry will have to go back to the drawing board and provide a similar method of addressing malware, especially for protecting cloud storage. It is only right for antimalware vendors to keep up with the times, since signature-based malware scanning and behavior-based heuristic scans no longer cut it in detecting modern malware. There is money to be made from virus development; cybercriminals have already earned a lot of money from their previous campaigns, which means that funding new malware development is cheap for them.