Q

How can zero-day attack prevention be improved?

Cognitive technology can aid IT teams in zero-day attack prevention and vulnerability detection -- if you know the right way to deploy it.

Zero-day exploits present enterprises with a very difficult challenge: How can a vulnerability be repaired and an attack averted when no one yet realizes that the flaw exists and, consequently, no patch for it exists? By definition, a zero-day vulnerability is one the software or appliance vendor is unaware of and, therefore, has no patch to correct.

With a highly organized and very sophisticated cybercriminal underground in action, the rise of zero-day -- sometimes referred to as zero-hour -- attacks is driving the security community as a whole to come up with ways to find and fix vulnerabilities more rapidly.

The good news is that security vendors are making solid progress, both in advancing their own technology and in cooperating across the industry to share threat intelligence, which accelerates attack recognition and mitigation. The result is improved zero-day attack prevention.


Machine learning enters the picture


Machine learning is one area where vendors are making major strides toward improving zero-day attack prevention. The cognitive technology observes traffic patterns across a network and learns what is normal. From that baseline, it tracks activity across the customer's network, looking for anomalous traffic patterns that indicate a potential threat.
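The baseline-then-anomaly mechanism described above, reduced to its core as an added example (this is illustrative code written for this page, not any vendor's product): per-host traffic features are summarised over a training window using robust statistics (median and MAD), and later windows are flagged when a feature deviates by more than a chosen number of robust standard deviations. All flow summaries, host addresses and the threshold are constructed assumptions.

```python
"""Learn a per-host traffic baseline, then flag anomalous windows.

Constructed data: one record per (host, window) with bytes sent and the
number of distinct destination ports. Median/MAD scaling keeps a few
outliers in the training window from inflating the notion of "normal".
"""
from collections import defaultdict
from statistics import median

# Constructed training data: 20 quiet windows for two hosts.
TRAINING = [("10.0.0.5", w, 1_000_000 + (w % 3) * 50_000, 3 + (w % 2)) for w in range(20)]
TRAINING += [("10.0.0.9", w, 200_000 + (w % 4) * 10_000, 2) for w in range(20)]

# Constructed observation windows, two ordinary and two suspicious.
OBSERVED = [
    ("10.0.0.5", 21, 1_050_000, 4),   # within normal range
    ("10.0.0.5", 22, 9_800_000, 3),   # large outbound volume spike
    ("10.0.0.9", 21, 205_000, 2),     # within normal range
    ("10.0.0.9", 22, 210_000, 120),   # contacts many new destination ports
]

def learn_baseline(records):
    """Return {host: {feature: (median, MAD)}} from training records."""
    feats = defaultdict(lambda: defaultdict(list))
    for host, _window, bytes_out, ports in records:
        feats[host]["bytes_out"].append(bytes_out)
        feats[host]["dst_ports"].append(ports)
    baseline = {}
    for host, by_feat in feats.items():
        baseline[host] = {}
        for name, vals in by_feat.items():
            med = median(vals)
            mad = median(abs(v - med) for v in vals) or 1.0  # never divide by zero
            baseline[host][name] = (med, mad)
    return baseline

def score(baseline, host, bytes_out, ports, threshold=6.0):
    """List (feature, robust_z) pairs whose |z| exceeds the threshold."""
    if host not in baseline:                      # never seen in training
        return [("unseen_host", float("inf"))]
    alerts = []
    for name, val in (("bytes_out", bytes_out), ("dst_ports", ports)):
        med, mad = baseline[host][name]
        z = 0.6745 * (val - med) / mad             # MAD-scaled z-score
        if abs(z) > threshold:
            alerts.append((name, round(z, 1)))
    return alerts

def detect(baseline, observed, threshold=6.0):
    """Map (host, window) -> alerts for each observed window that deviates."""
    hits = {}
    for host, window, bytes_out, ports in observed:
        alerts = score(baseline, host, bytes_out, ports, threshold)
        if alerts:
            hits[(host, window)] = alerts
    return hits
```

The threshold is the tuning knob a SOC owns: lower values catch subtler deviations at the cost of more false positives, so it should be set against the false-positive rate the team can actually triage.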

Security researchers are also using machine learning to monitor activity on the darknet, where hackers share information, and the deep web, where cybercriminals can buy malware and exploit kits. This is helping the security community as a whole uncover potential exploits in time to patch the underlying vulnerabilities.

Putting together the big picture

Managed security service providers and security vendors also rely on their own networks of sensors to monitor activity worldwide, which can provide important data used for zero-day attack prevention. Security research teams are making some progress on sharing intelligence to expedite vulnerability and threat identification.

In the end, as important as advances in areas like machine learning are to thwarting attacks, the most sophisticated technology is useless if the right practices aren't in place. This means enterprises must not only properly patch vulnerabilities, but also ensure new appliances are configured correctly.

What is clear is that even as security vendors accelerate their pace of innovation, cybercriminals seem to be moving even faster. Staying alert and focused is critical.


This was last published in September 2017
