Defense against Zero-Day Attacks

A zero-day attack is one of the most serious threats to an enterprise. No organization with Internet-based operations in any capacity is immune to zero-day exploits. Exploits in this category go unnoticed until the specific vulnerability they abuse is identified and reported. These attacks are often difficult to defend against because they are mostly detected only after they have completed their course of action. Protecting networks, applications and systems from these attacks is therefore a real challenge for any organization.

How does this happen?

A vulnerability is an error in software that could be exploited. By itself it is not a problem, since it does not affect the normal functioning of the software or system. However, if such a vulnerability is first discovered by an attacker, it becomes a serious threat: because the attacker found it first and the vendor has not yet released a patch, the attacker may exploit it using malware, spyware or other techniques.

Both developers and security analysts may get zero time to respond to these zero-day attacks. The moment an attack is detected, developers must work on fixing the vulnerability and analysts must work on stopping the attack from spreading. Although companies implement strong protection using IDS, IPS, firewalls and so on, these are not enough against zero-day attacks, because the attack is sometimes beyond the capabilities of these protection devices.

Protection mechanisms:

  1. Keep the software up to date:

Effective patch management and timely software updates play a vital role in protecting the organization's assets from zero-day attacks. Although a zero-day vulnerability is unknown to the vendor and no patch is available for it, fully updated software can limit the scope of the attack and thereby minimize the further damage it causes. It is therefore a must to ensure that all patches and updates relevant to the organization's environment are installed in a timely fashion.

  2. Use a quality anti-virus solution:

Traditional anti-virus programs with signature-based and statistical detection might not detect zero-day attacks, because they look for a particular signature or file. A good anti-virus solution with heuristic analysis not only looks for signatures but also analyzes what a program does during its execution. This technique does not require prior knowledge of the zero-day attack and can detect it in its early phase, so an advanced anti-virus solution is recommended to detect and contain the attack before it causes further damage.

  3. Keep an Incident Response Team handy:

Even a great information security infrastructure cannot guarantee full protection against unknown attacks. Since there is no reliable mechanism to completely protect assets against zero-day attacks, it is highly advisable to keep a well-trained group of people who can respond promptly and correctly to incidents. Organizations must ensure that duties within the response team are segregated among its members and that the team responds quickly when called upon to perform containment and recovery actions.

Authored by Saravanan M
