February 14, 2015

Protecting Against ‘Zero Day’ Exploits

As cyber-criminals grow more sophisticated in skill and resource, the potential impact of exploits on personal, government and business systems has grown.

A zero day exploit is, by definition, a newly discovered vulnerability that can be attacked or utilized for nefarious purposes before a patch or other security measure can be implemented. The term is inclusive of any malicious action taken opportunistically against a system before the security community can develop a solution to counter it.

The wide category is a growing concern as timelines shrink in the increasingly fast-moving information age. Vulnerabilities that may have historically taken months for criminals to maneuver after discovery can sometimes now be exploited in a matter of days or even hours. Network World reports that even services as seemingly benign as popular websites and services can inject malicious code to a user’s computer undetected and before security professionals are aware of the gap.

Prevention

Whether securing a personal device or an enterprise, a ‘defense-in-depth’ approach must be utilized. Firewalls, anti-virus programs, and intrusion detection or intrusion prevention systems (IDS and IPS, respectively), are all key to maintaining a layered security posture. Even simple steps on the user-level can layer protection; the publication PC World reported in a recent article on various methods and applications to reduce web-tracking practices that could provide social engineers or other third-parties potentially compromising information. Limiting connections between devices or software environments also prevents spread in event of infection.

Applying such measures in advance of a threat can drastically mitigate future breaches.

Also, purposeful and attentive monitoring, preferably coupled with automated alerts, can be a key factor to investigating activities and traffic that exceed normal patterns. An established baseline can be the best defense, as data indicating a departure from that range often indicates an event worthy of further investigation. The process is also known as Network Behavior Anomaly Detection (NBAD). For large enterprises, solutions abound for analyzing state changes…on a user level, detection can be as simple as perceiving a change in speed or appearance in commonly used processes and reporting it to a competent professional.

While seemingly trivial, consistent updates of resident software can be the best defense. Automatic updates will provide the best protection, but even persistent checking for any released patches or critical updates is recommended due to lag time between release and deployment when compared to the speed at which criminals can act.

Awareness

There’s also no substitute for education. Familiarizing oneself with best practices and paying attention to the news are, at the individual-level, among the best tools for protection. For large structures maintaining their own information systems and services, user-training and an emphasis on smart usage will greatly assist in exposing systems to new issues.

Assistance

Many organizations are not staffed with full-time security professionals and it can be challenging to maintain currency in a constantly evolving field. Budgeting for firms with outside expertise or reaching out to industry experts can shore up existing defenses and provide insight on best practices. Individuals can reach out to informed friends or family or research via the web on volumes of applicable sites, blogs, and user-friendly publications. If a breach or infection is suspected, response is generally best left to a professional.

A zero day attack may not be foreseen, but a few preventative steps can greatly reduce risk and allow for performance continuity when one arises.

______________

The author is a Consultant at Tevora Business Solutions, based in Lake Forest, California, where he assists clients with security and compliance initiatives. He has over 15 years of experience in Information Technology leadership and security management as an enlisted Radio Operator and Communications Information Systems Officer in the U. S. Marine Corps.