Zero-day exploits present enterprises with a very difficult challenge: How can a vulnerability be repaired and...
an attack averted when there is no realization that such a flaw actually exists and, thus, there's no patch for it? By definition, a zero-day vulnerability is a susceptibility that the software or appliance vendor is unaware of and, therefore, has no patch to correct it.
With a highly organized and very sophisticated cybercriminal underground in action, the rise of zero-day -- sometimes referred to as zero-hour -- attacks is driving the security community as a whole to come up with ways to find and fix vulnerabilities more rapidly.
The good news is security vendors are making solid progress both in terms of technology advances on the part of the vendors and in cooperating across the industry to share threat intelligence to accelerate attack recognition and mitigation efforts. The result is improvements in zero-day attack prevention.
Machine learning enters the picture
Machine learning is one area where vendors are making major strides toward improving zero-day attack prevention. The cognitive technology watches traffic patterns across a network, learning what is normal. From that baseline, the cognitive technology tracks activity across a customer network, looking for anomalous traffic patterns that are indicative of a potential threat.
Security researchers are also using machine learning to monitor activity on the darknet, where hackers share information, and the deep web, where cybercriminals can buy malware and exploit kits. This is helping the security community as a whole uncover potential exploits in time to make an effort to patch the vulnerabilities.
Putting together the big picture
Managed security service providers and security vendors also rely on their own networks of sensors to monitor activity worldwide, which can provide important data used for zero-day attack prevention. Security research teams are making some progress on sharing intelligence to expedite vulnerability and threat identification.
In the end, as important as advances in areas like machine learning are to thwarting attacks, the most sophisticated technology is useless if the right practices aren't in place. This means enterprises must not only properly patch vulnerabilities, but also ensure new appliances are configured correctly.
What is clear is even as security vendors accelerate their pace of innovation, cybercriminals seem to be moving even faster. Staying alert and focused is critical.
Addressing vulnerabilities that could lead to zero-day attacks
Using anomaly detection to stop attacks
Machine learning booms for cybersecurity