There are a lot of cyber-security startups that make use of artificial intelligence to help organizations detect new threats, but K2 Cyber Security isn’t one of them.
K2 officially emerged from stealth on Feb. 20 along with its cloud workload security platform that takes a deterministic real-time approach to help prevent threats, as well as protect organizations with workload isolation. Determinism is all about being able to repeat the same activity in the same way, which is enabled on the K2 platform with a technology the company refers to as Optimized Control Flow Integrity (CFI).
“Most of the security solutions out there are either behavior-based, machine learning or AI-related, but what we accomplished is a completely new vector of how to stop an attacker from exploiting your vulnerabilities, and this is where optimized control flow integrity comes into play,” Pravin Madhani, co-founder and CEO of K2 Cyber Security, told eWEEK.
Madhani explained that application source code typically follows a path that is repeated for regular operations. The K2 Prevent technology creates a map of how software is supposed to work and then when there is deviation, a determination is made if it is some form of attack.
Many modern attacks attempt to steal information from system memory, which is also something that K2 Prevent can help to stop. Madhani said that in the case of a memory leak, an attacker at some point has to change the flow and get access.
“Sooner or later, an attacker is going to take over the process execution, and when the execution attempt occurs we intervene,” he said.
In addition to being able to prevent attacks, K2 has another component in the platform called K2 Segment that provides workload segmentation and isolation. Madhani said K2 Prevent provides a cryptographic identity to every workload, which enables authentication and segmentation of workloads.
Network segmentation is often done with some form of overlay protocol like VXLAN, but that’s not the approach that K2 Prevent takes.
“We provide an identity to each workload and have IPsec underneath, so we don’t use any network overlays,” he said.
IPsec is an encryption protocol approach commonly used in VPN technology that can provide isolation.
How It Works
K2 deploys as a container that sits on the host that an organization wants to protect. K2 deploys in an approach known as a container-side car proxy that runs alongside other containers to intercept and protect workloads.
Madhani said K2 has purposefully chosen to deploy as a side car container, rather than to the Istio service mesh, which is an increasingly popular approach for implementing services across a cluster of containers.
“What we are doing is deploying as a side car proxy and we are getting K2 to every container rather than deploying with a service mesh,” he said. “Istio is good for authentication, but we also do segmentation, which you cannot do with Istio.”
Madhani emphasized that the deterministic nature of the K2 platform means that prevention happens automatically and there is no need for machine learning or additional threat intelligence. He added that K2 understands the correct flow of data execution and as such when data doesn’t execute the way it is designed, it can be blocked and the risk can be mitigated.
“Threat intelligence is all behavior; it’s about realizing an attacker is using a given technique,” he said. “What we are trying to do is fundamentally change that thinking. We don’t need any threat intelligence, we just have to focus on the application and how it should be executing.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.