
How to protect your company from zero-day attacks



A zero-day attack is any attack that exploits the "window of opportunity" opened by a newly discovered vulnerability: the vendor has had zero days to fix it. In other words, it is a swift attack carried out by cyber-criminals before security teams can close the vulnerability, or even before they know that the vulnerability, or the attack, exists.

Such an attack is every hacker's dream, because it guarantees instant notoriety, and working zero-day exploits are also traded on underground markets. These attacks are known for their destructiveness, especially when the attacker uses the vulnerability for personal gain. Zero-days are also a useful tool for the governments of several countries that seek to disrupt foreign systems or enterprises.
[Figure: zero-day search path]

Protecting against such attacks is important enough that large technology companies employ their own vulnerability-research teams, which try to find and investigate zero-day vulnerabilities before cyber-criminals can exploit them.

The purpose of such teams is to report each vulnerability to the vendor of the affected software so that a patch can be developed and shipped. Google's team, for example, is called Project Zero and is headed by Chris Evans; it gives vendors a 90-day disclosure deadline, and its members include well-known researchers such as George Hotz (winner of what was then the largest single vulnerability-discovery prize), Tavis Ormandy, Ben Hawkes and the Briton Ian Beer. Other companies, such as Endgame Systems, ReVuln, VUPEN Security, Netragard and Exodus Intelligence, are also active in finding such vulnerabilities, although not all of them report their findings to the vendor; some sell them to customers instead.

Another aspect of zero-day vulnerabilities is worth keeping in mind. If the people who discovered a vulnerability decide not to publish it and instead use it discreetly, users can remain exposed to the unknown flaw for weeks, months or even years. Long-running, stealthy intrusions of this kind are what the term Advanced Persistent Threat (APT) refers to; an APT is a campaign or actor, not the vulnerability itself, and a zero-day is only one of the tools such a campaign may use.



How to protect against zero-day attacks

As noted above, it is very hard to predict where a zero-day attack will come from. There is no way to prepare a "vaccine" for it in advance: we may know that such attacks exist, but we do not know which flaw they will exploit. Traditional, signature-based security tools (a classic antivirus, for example) therefore cannot recognise malware that has not yet been identified and given a signature.

Still, there are measures that help reduce the damage a zero-day attack can do.

• Never install unnecessary programs: every program installed on a system is one more window through which a zero-day attack can enter. Review the list of installed software periodically and remove anything you no longer use; the less code you run, the smaller the attack surface.
• Do not forget updates: keep existing software at the latest version. Updates cannot fix a vulnerability the vendor does not yet know about, but they close the known holes an attacker would otherwise chain with the zero-day, and they shorten the exposure once a patch does ship.
• Use a reliable firewall: if the malware that enters through an unknown vulnerability cannot be detected, the suspicious connection it opens afterwards (to fetch a second stage or to reach its command-and-control server) may still be detected and blocked before it is too late. That requires filtering and logging outbound traffic, not only inbound.
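The third point, the firewall catching what the antivirus missed, is worth making concrete. The following script is an added example, not code from the original article or from Panda Security: it reads firewall log lines and flags two things an egress firewall can see even when the malware itself is unknown, regular "beaconing" to one destination and connections to hosts outside an allowlist of expected destinations. The log format, the allowlist and the sample lines are constructed for the demo; real firewalls log differently, so the regular expression would have to be adapted.

```python
"""Spot suspicious outbound connections in firewall logs.

Added example (not from the original article): a minimal egress analyser
that flags periodic "beaconing" to one destination and traffic to hosts
outside an allowlist. The log format and the sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log format: "<ISO time> <src_ip> -> <dst_ip>:<port> ALLOW|DENY"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<action>ALLOW|DENY)$"
)

# Assumed allowlist of destinations this host is expected to talk to.
EXPECTED_DESTINATIONS = {"10.0.0.5", "10.0.0.53"}


def parse_log(lines):
    """Parse log lines into dicts; malformed lines are skipped, not trusted."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"], "dst": m["dst"],
            "port": int(m["port"]), "action": m["action"],
        })
    return events


def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Return (src, dst, port, avg_gap_seconds) for flows that connect at
    near-constant intervals: at least `min_hits` connections whose gaps have
    a coefficient of variation below `max_jitter`. Humans browsing do not
    produce such regular timing; implants polling a C2 server do."""
    flows = defaultdict(list)
    for e in events:
        flows[(e["src"], e["dst"], e["port"])].append(e["ts"])
    beacons = []
    for key, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            beacons.append((*key, round(avg)))
    return beacons


def find_unexpected(events, allowed=EXPECTED_DESTINATIONS):
    """Return destinations actually reached (ALLOW) that are not on the allowlist."""
    return sorted({e["dst"] for e in events
                   if e["action"] == "ALLOW" and e["dst"] not in allowed})


# Constructed sample: normal traffic to internal hosts, plus a once-a-minute
# poll to an outside address and one garbage line the parser must ignore.
SAMPLE_LOG = """\
2015-10-20T09:00:00 192.168.1.20 -> 10.0.0.5:443 ALLOW
2015-10-20T09:00:01 192.168.1.20 -> 10.0.0.53:53 ALLOW
2015-10-20T09:00:10 192.168.1.20 -> 203.0.113.7:443 ALLOW
2015-10-20T09:01:10 192.168.1.20 -> 203.0.113.7:443 ALLOW
2015-10-20T09:02:11 192.168.1.20 -> 203.0.113.7:443 ALLOW
2015-10-20T09:03:10 192.168.1.20 -> 203.0.113.7:443 ALLOW
2015-10-20T09:04:09 192.168.1.20 -> 203.0.113.7:443 ALLOW
2015-10-20T09:05:00 192.168.1.20 -> 10.0.0.5:443 ALLOW
2015-10-20T09:17:00 192.168.1.20 -> 10.0.0.5:443 ALLOW
2015-10-20T09:20:00 192.168.1.20 -> 10.0.0.5:443 ALLOW
this line is garbage and must be ignored
"""

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG.splitlines())
    print("beacons:", find_beacons(ev))
    print("unexpected destinations:", find_unexpected(ev))
```

On the sample, the internal host 10.0.0.5 is contacted four times too, but at irregular intervals, so it is not reported; only the minute-by-minute poll to 203.0.113.7 is flagged, and the same address shows up as an unexpected destination. In practice you would tune `min_hits` and `max_jitter` to your traffic and feed the output to whatever blocks the flow.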

To go further, however, it is important that our systems have an additional protective layer that does not rely on signature-based malware detection. With this in mind, Panda Security developed Adaptive Defense 360, which takes a different approach: it monitors every application and analyses its behaviour in real time, using machine-learning techniques and Big Data platforms.

This allows Adaptive Defense 360 to offer two blocking modes:

• Basic blocking mode, which allows the launch of software classified as goodware (known non-malware) as well as applications that have not yet been catalogued by Panda Security's automated systems and analysts. The price of this mode is a window during which a not-yet-classified sample can run.
• Advanced blocking mode, which allows only applications classified as goodware to run. This closes that window, at the cost of blocking legitimate new or rare software until it has been catalogued.
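The difference between the two modes comes down to one cell of a policy matrix: what to do with an executable nobody has classified yet. The following model is an added example, not Panda's code and not a description of how Adaptive Defense 360 is implemented. It classifies a binary by the SHA-256 of its contents against constructed goodware and malware tables, applies each mode's rule, and shows the exposure window that opens in basic mode between first execution and later classification. The verdict tables and the sample "binaries" are constructed for the demo.

```python
"""Model of the two blocking modes described above.

Added example (not Panda's code): hash-based application control with a
basic mode (unknown software may run) and an advanced mode (only known
goodware may run). Verdict tables and sample binaries are constructed.
"""
import hashlib
from enum import Enum


class Verdict(Enum):
    GOODWARE = "goodware"
    MALWARE = "malware"
    UNKNOWN = "unknown"      # not yet catalogued by automated systems or analysts


class Mode(Enum):
    BASIC = "basic"          # goodware and unknown run; malware is blocked
    ADVANCED = "advanced"    # only goodware runs


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "binaries" and the verdicts already assigned to them.
KNOWN_GOOD = b"MZ...constructed trusted editor build 4.2"
KNOWN_BAD = b"MZ...constructed dropper sample"
BRAND_NEW = b"MZ...constructed build nobody has seen yet"

VERDICTS = {
    sha256(KNOWN_GOOD): Verdict.GOODWARE,
    sha256(KNOWN_BAD): Verdict.MALWARE,
}


def classify(data: bytes, verdicts=VERDICTS) -> Verdict:
    """Look the binary's hash up; anything not catalogued is UNKNOWN, never assumed good."""
    return verdicts.get(sha256(data), Verdict.UNKNOWN)


def may_run(mode: Mode, verdict: Verdict) -> bool:
    """The policy matrix: the only cell that differs between modes is UNKNOWN."""
    if verdict is Verdict.MALWARE:
        return False
    if verdict is Verdict.GOODWARE:
        return True
    return mode is Mode.BASIC   # UNKNOWN: allowed in basic, denied in advanced


def decide(mode: Mode, data: bytes, verdicts=VERDICTS) -> dict:
    """Full decision for one executable under one mode, as an audit record."""
    v = classify(data, verdicts)
    return {"sha256": sha256(data)[:16], "verdict": v.value, "run": may_run(mode, v)}


def exposure_window(data: bytes, later_verdict: Verdict) -> dict:
    """Show the trade-off: in BASIC an uncatalogued sample runs until the
    backend classifies it; in ADVANCED it never runs, which also blocks
    legitimate new software until it is catalogued."""
    before = {m.value: may_run(m, classify(data)) for m in Mode}
    updated = dict(VERDICTS, **{sha256(data): later_verdict})
    after = {m.value: may_run(m, classify(data, updated)) for m in Mode}
    return {"before_classification": before, "after_classification": after}


if __name__ == "__main__":
    for mode in Mode:
        for name, blob in [("good", KNOWN_GOOD), ("bad", KNOWN_BAD), ("new", BRAND_NEW)]:
            print(mode.value, name, decide(mode, blob))
    # A sample that later turns out to be malware: in basic mode it already ran.
    print(exposure_window(BRAND_NEW, Verdict.MALWARE))
```

The `exposure_window` call is the point of the model: if `BRAND_NEW` is later classified as malware, basic mode has already let it execute, while advanced mode never did. Run it with `Verdict.GOODWARE` instead and you see the other side of the trade-off, legitimate software that advanced mode refused until the catalogue caught up.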

Source: https://habr.com/ru/post/268811/

