A new article in TechRepublic predicts that Linux servers and workstations will be the next big target for hackers. More tools are being developed that target Linux, and the targets are believed to be Linux systems used by government and big business.
While we traditionally think of Windows systems as the ones vulnerable to attacks and exploits, organizations often host their important servers and systems on Linux. We also know that open-source platforms are on the rise, so it should be no surprise that Linux systems are increasingly targeted by hackers. According to the article, cyber criminals are adding Linux-specific tools to their hacking toolkits.
The article also mentions that for Linux, “a suite of webshells, backdoors, rootkits and custom-made exploits are readily available” to cyber criminals and that a successful attack on a Linux system typically has broader consequences than for other platforms.
While it has always been important to protect applications running on Linux systems in production, this latest news is a good reminder to re-evaluate your security around internet-facing systems and applications, including Linux systems. In addition to making sure as few vulnerabilities as possible make it to production in internet-facing applications, organizations need to look at how they are protecting systems and applications that are open to the internet.
The typical application security layer is edge security, usually Web Application Firewalls (WAFs). With the increase in zero-day attacks and the problems organizations are facing with their WAF deployments, it’s time to take note of the latest changes for application security in the NIST (National Institute of Standards and Technology) SP 800-53 framework. The latest draft of the framework includes the requirement for RASP (Runtime Application Self-Protection). RASP sits close to the application and provides an important layer of security with greater visibility and control than edge security offers.
K2 Cyber Security can provide a deterministic runtime application security layer that detects zero-day attacks along with well-known attacks. K2 issues alerts based on severity, and its actionable alerts provide complete visibility into the attacks and the vulnerabilities they target, including the location of the vulnerability within the application, with details like the file name and line of code where the vulnerability exists.
Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, K2 uses a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended. There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has minimal false alerts.
Get more out of your application security testing and change how you protect your applications, and check out K2’s application workload security solution.