
Zero-day exploits: Separating fact from fiction

Roger A. Grimes | June 29, 2016
You may be surprised by the number and availability of zero-days, but that's no reason to let an attack catch you unprepared

First, there are dozens of companies that offer products claiming to detect 100 percent of malware and exploits, including zero-days. Anytime you encounter that claim, run the other way as fast as possible. What they're saying simply isn't possible -- or isn't possible without a ton of false positives. (All you well-meaning vendors about to email me to say I'm wrong, that you can in fact detect 100 percent of all malware? Please don't waste the time and electronic bits -- please.)

Nonetheless, you can find solutions that help detect and/or defend against zero-days. If you're worried about the risk or have been targeted before, it can't hurt to test them. Your best bet is to get a reference from a customer who has successfully used the product.

But that's not all you should do. Have general mitigations ready to deploy. If you have an Active Directory network, consider using group policy to deploy those mitigations. Use them to disable affected services. Use network and host-based firewalls to limit malicious spread and damage.
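As an added example that is not part of the original article, the PowerShell script below stages the kind of pre-built mitigation described above: stop and disable a suspect service and block its listening port, either on the local host or, with `-DomainWide`, through a Group Policy Object so the whole Active Directory domain picks it up on the next policy refresh. The service name `ExampleSvc`, TCP port 9999 and GPO name `ZeroDay-Mitigation` are placeholders, not values from the article; the domain-wide path assumes the GroupPolicy module (RSAT) and a domain-joined administrative session.

```powershell
# Added example (not the article's own code): stage a zero-day mitigation that
# can be pushed the moment an incident is confirmed. Supports -WhatIf so the
# runbook can be rehearsed without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ServiceName = 'ExampleSvc',         # hypothetical affected service
    [int]$Port           = 9999,                 # hypothetical port it listens on
    [string]$GpoName     = 'ZeroDay-Mitigation', # hypothetical GPO name
    [switch]$DomainWide                          # push via Group Policy instead of locally
)

function Invoke-LocalMitigation {
    # Host-level mitigation: disable the service and add a host firewall block rule.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Name, [int]$Port)

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Warning "Service '$Name' not present on $env:COMPUTERNAME; skipping service step."
    } elseif ($PSCmdlet.ShouldProcess($Name, 'Stop and disable service')) {
        Stop-Service -Name $Name -Force -ErrorAction Stop
        Set-Service  -Name $Name -StartupType Disabled
    }

    # Block inbound traffic to the affected port on every firewall profile.
    $ruleName = "Mitigation-Block-TCP-$Port"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess($ruleName, 'Create inbound block rule')) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
                -Protocol TCP -LocalPort $Port -Action Block -Profile Any | Out-Null
        }
    }
}

function Invoke-GpoMitigation {
    # Domain-level mitigation: same two controls, written into a GPO. The GPO is
    # created unlinked so it can be staged in advance and linked only when needed.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Name, [int]$Port, [string]$Gpo)

    Import-Module GroupPolicy -ErrorAction Stop

    if (-not (Get-GPO -Name $Gpo -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess($Gpo, 'Create GPO')) {
            New-GPO -Name $Gpo -Comment 'Pre-staged zero-day mitigation; link when needed' | Out-Null
        }
    }

    # Service start type is the DWORD 'Start' under the service's registry key;
    # 4 means Disabled. Delivered as a registry policy to all members.
    if ($PSCmdlet.ShouldProcess($Gpo, "Set service '$Name' start type to Disabled")) {
        Set-GPRegistryValue -Name $Gpo `
            -Key "HKLM\SYSTEM\CurrentControlSet\Services\$Name" `
            -ValueName 'Start' -Type DWord -Value 4 | Out-Null
    }

    # Windows Firewall rules can be authored into a GPO through -PolicyStore "<domain>\<gpo>".
    $store = "$env:USERDNSDOMAIN\$Gpo"
    $ruleName = "Mitigation-Block-TCP-$Port"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -PolicyStore $store -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess($store, "Create inbound block rule $ruleName")) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
                -LocalPort $Port -Action Block -Profile Any -PolicyStore $store | Out-Null
        }
    }
}

if ($DomainWide) {
    Invoke-GpoMitigation -Name $ServiceName -Port $Port -Gpo $GpoName
} else {
    Invoke-LocalMitigation -Name $ServiceName -Port $Port
}
```

Rehearse the runbook with `-WhatIf` first, and note that the domain path deliberately stops short of linking the GPO: the actual deployment step is `New-GPLink -Name ZeroDay-Mitigation -Target "<OU distinguished name>"` against the segment you intend to isolate, which is the decision point the article says should be agreed with senior management ahead of time. Policy refresh can be forced on endpoints with `gpupdate /force` rather than waiting for the regular interval.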

Make sure you have a good incident response team and process in place. Make sure you have top-notch forensic investigators, at least on-call. Be prepared to shut down the affected network segment -- or perhaps even the entire network -- to stop the threat. Can that be done? Would you have senior management's support? Decide ahead of time when to involve senior management.

Most companies will never be hit by a zero-day attack. But that doesn't absolve you from adequately preparing for one.

Source: Infoworld 

 
