Zero-day attacks are one of the most dangerous cybersecurity threats. This type of cyberattack targets software vulnerabilities previously unknown to software or antivirus vendors, exploiting those vulnerabilities before they can be mitigated. As a result, zero-day attacks enter a system without any defenses in place — giving administrators zero days to fix the already exploited security flaw.
Web browsers, email attachments and zero-day malware are common attack vectors for zero-day attacks. The targets of these attacks include large and small enterprises with valuable business data, home internet users and Internet of Things (IoT) devices.
Technical challenges of coping with zero-day attacks
By definition, zero-day attacks are only detected on the day they occur. This makes them an enormous technical challenge for software administrators and cybersecurity professionals.
While consistent and robust vulnerability scanning is an important part of any cybersecurity strategy, it does little to specifically prevent zero-day attacks. Vulnerability scanning can detect some, but not all, zero-day exploits. Even when such attacks are detected via scanning, IT professionals must act immediately to perform code review and sanitize their code. In most cases, the attacker acts faster than the organization, so the vulnerability is detected but still exploited at the last minute.
Another common cybersecurity solution is patch management, or the quick deployment of software patches to close security vulnerabilities. Like vulnerability scanning, however, patch management isn’t entirely effective in blocking zero-day attacks. While detecting and patching vulnerabilities does prevent some attacks, other vulnerabilities may go undetected, and hackers can act in the time it takes to discover and patch them.
Best practices to protect against zero-day attacks
Given the unique challenges of preventing zero-day attacks, there are several best practices you can implement to mitigate risk.
Use an effective WAF
The most powerful way (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Shachar Shamir. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ZbtVobAjQAk/