Zero-day attacks are common in today's technological environment. With everything moving to automation and the cloud, they have become difficult to defend against. However, there are many ways to prepare and reduce the effective threat to an organization. Here are four best practices that will help reduce or remove the threat posed by many, if not all, zero-day attacks.
The number one way to mitigate the damage from any attack on your system is to prevent it from happening in the first place. Maintaining a good firewall and up-to-date antivirus is the best step you can take to ensure the security of your system. A firewall, monitoring traffic in and out of your network, reduces unauthorized entry over the network. Even without knowing the exact nature of the attack, suspicious activity traveling in and out of the system can be stopped. The same is true of modern antivirus and Endpoint Detection and Response (EDR): even when it cannot identify the specific zero-day threat from its signature database, it can often identify malicious intent from learned behavior on the system.
Should a zero-day threat make it into your network, your next goal should be to limit its effects. Organizations should always take a defense-in-depth approach to minimize potential damage to the company and its resources, applying security best practices across all software and hardware by enforcing compliance benchmarks where applicable. Benchmarking at the operating system, application and network layers will help prevent unauthorized access and lateral movement, and will provide some level of alerting (if configured properly). By restricting user access to only essential files and systems, we limit the damage to the smallest number of systems. A good security policy dictates that each account should have full access only to the systems needed to complete the user's job.
It is imperative that an organization have a patch management policy and process, clearly communicated to all employees and coordinated with development, IT operations and security teams. As part of that process there should be an emergency, out-of-band patch process for zero-day patches: an accelerated path that lessens the potential exploit window of zero-day vulnerabilities.
In larger organizations, it is important to use automation to manage patches. You can use patch management solutions to automatically source patches from software vendors, identify systems that require updates, test the changes introduced by the patch, and automatically deploy the patch to production. This avoids delays in deploying patches and prevents the inevitable legacy system that is forgotten or left behind when systems are updated.
Patch management cannot prevent zero-day attacks, but it can significantly reduce the exposure window. In the case of a severe vulnerability, software vendors might issue a patch within hours or days. Automated patch management can help you deploy it quickly, before attackers can identify the vulnerability in your systems and exploit it.
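As an added example (not Sicura's code), the following script shows the "identify systems that require updates" step for one out-of-band advisory run against a constructed inventory, measures the exposure window in days, and surfaces the unenrolled legacy host that an automated rollout would otherwise miss. The package name, versions, host names and dates are all constructed placeholders.

```python
"""Out-of-band patch triage for one advisory, run against an asset inventory.

Added example, not Sicura's code. Every input is constructed: the advisory
(affected package and first fixed version), the inventory, and which hosts the
automated patch pipeline manages. Versions are assumed to be dotted integers.
"""
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Host:
    name: str
    package: str
    version: str
    enrolled: bool  # True if the patch automation manages this host

def parse_version(version: str) -> tuple:
    """'3.1.10' -> (3, 1, 10); tuples compare numerically, so 3.1.10 > 3.1.9."""
    return tuple(int(part) for part in version.split("."))

def is_vulnerable(host: Host, package: str, fixed_version: str) -> bool:
    """Vulnerable if the host runs the affected package below the fixed version."""
    return host.package == package and parse_version(host.version) < parse_version(fixed_version)

def triage(inventory, package, fixed_version):
    """Return (hosts the pipeline will patch, vulnerable hosts it cannot see).
    The second list is the forgotten legacy system: unless patched by hand or
    enrolled, it stays exposed after the automated rollout reports success.
    """
    auto, manual = [], []
    for host in inventory:
        if is_vulnerable(host, package, fixed_version):
            (auto if host.enrolled else manual).append(host.name)
    return sorted(auto), sorted(manual)

def exposure_days(advisory_published: str, patched_on: str) -> int:
    """Exposure window in days between the vendor advisory (ISO date) and the patch landing."""
    return (date.fromisoformat(patched_on) - date.fromisoformat(advisory_published)).days

# Constructed inventory: two managed servers, one forgotten staging box, one unaffected host.
INVENTORY = [
    Host("web-01", "acme-agent", "3.1.6", enrolled=True),
    Host("web-02", "acme-agent", "3.1.7", enrolled=True),
    Host("staging-old", "acme-agent", "2.9.0", enrolled=False),
    Host("db-01", "acme-db", "15.4", enrolled=True),
]

if __name__ == "__main__":
    print(triage(INVENTORY, "acme-agent", "3.1.7"), exposure_days("2024-01-10", "2024-01-12"))
```

The "manual" list is the one to escalate: a rollout dashboard that only reports on enrolled hosts will show 100% coverage while that host is still exposed.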
Organizations of all sizes will benefit from having an incident response plan that provides an organized process for identifying and dealing with a cyberattack. Having a specific plan focused on zero-day attacks will give you a huge advantage in case of an attack, reduce confusion and increase your chances of avoiding or reducing damage.
When drafting your plan, follow the SANS Institute’s six stages of incident response. The plan should specify:
Here at Sicura, we specialize in working with organizations to securely lock down their environment by using compliance policies applicable to their organization. Reach out to learn how we can help!