At this point, the risk of not having the ability to swiftly patch a computing environment should be obvious. Within hours of the Heartbleed bug’s public disclosure, hackers were already exploiting it. In some cases, patches were released well after hackers had ferreted out the vulnerabilities. Nevertheless, time is of the essence with zero day vulnerabilities: the sooner you patch, the better.
Further, it’s worth noting that zero day vulnerabilities never actually go away. According to the RAND Corporation, the average life expectancy of a zero day vulnerability is nearly seven years. A quarter of zero days become obsolete within a year of discovery. However, just as many survive for more than 9.5 years.
In other words, zero days can survive until they become obsolete as the IT environment evolves around them. Alternatively, they can be eradicated from your computing environment the moment a fix becomes available, provided you have a reliable methodology in place for streamlined patching.
SOLUTION: Leverage Active Protection and Application Whitelisting
When it comes to preventing zero day threats and new, signatureless, or mutated malware from executing, the most effective method is application whitelisting. Consider, for instance, that web browsers are some of the most prolific sources of zero day exploits. An unsuspecting user may visit a rogue website, at which point malicious code on that site can exploit vulnerabilities in the web browser. From there, it is much easier for malware to execute on the system, seemingly without the user having taken any noticeable action.
This is why active, layered protection with application control is so crucial.
In addition to a firewall, which is useful for blocking known threats, a layered approach uses real-time scanning of internet traffic and of individual machines to identify suspicious activity. This builds another key layer of defense, making infiltration twice as difficult to achieve.
Application control takes this a step further by creating a repository of allowed executables. Rather than blacklisting known malicious software (technically, your firewall should already do this), an application whitelist prevents any executable program (known or unknown) that does not have explicit administrative authorization from launching. All program executions on computers and servers are thereby monitored in real time and, ideally, in conjunction with an active protection tool that can spot unusual or malicious activity, even in programs that are otherwise trustworthy.
As a result, malware with previously undiscovered or undocumented signatures cannot run. Likewise, even if a zero day vulnerability or advanced persistent threat somehow enables the injection of malware into the system, it won’t actually be able to launch. The situation is effectively defused.
Lastly, IT administrators require a simplified process to make all of this happen, along with the ability to customize privileges and application access by user. Specifically, they need granular control, flexibility and centralized management.
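The following toy policy engine is an added example written for this article; it is not code from the author or from any product. It demonstrates the two points made above: a blacklist lets an executable run unless its hash is already known to be bad, whereas a whitelist denies by default and lets an executable run only if an administrator has approved it, and the approval can be scoped per user group. The sample "executables", their contents and the group names are constructed for the example; a real product would typically also match on publisher signatures or paths rather than file hashes alone.

```python
"""Toy application-control policy engine (added example, not from the article).

Compares a blacklist decision with a whitelist decision for the same file,
and keys the whitelist by user group so access can be customised per user.
All sample files, hashes and group names are constructed for the example.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def sha256_of_file(path: str) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def blacklist_decision(path: str, known_bad: set[str]) -> Decision:
    """Blacklist model: deny only hashes already known to be malicious.

    Anything not yet catalogued (a zero day payload, a mutated sample)
    falls through and is allowed to run.
    """
    if sha256_of_file(path) in known_bad:
        return Decision(False, "matches known-bad signature")
    return Decision(True, "no known-bad signature (unknown code runs)")


def whitelist_decision(path: str, groups: list[str],
                       allowlist: dict[str, set[str]]) -> Decision:
    """Whitelist model: deny by default, allow only admin-approved hashes.

    The allowlist is keyed by group so an administrator can grant a
    program to developers without granting it to every user.
    """
    digest = sha256_of_file(path)
    for group in groups:
        if digest in allowlist.get(group, set()):
            return Decision(True, f"approved for group '{group}'")
    return Decision(False, "not on whitelist (unknown or unapproved executable)")


def write_sample(directory: str, name: str, content: bytes) -> str:
    """Write a constructed stand-in for an executable and return its path."""
    path = os.path.join(directory, name)
    with open(path, "wb") as handle:
        handle.write(content)
    return path


def demo() -> dict[str, Decision]:
    """Build constructed sample files and evaluate both policies on them."""
    with tempfile.TemporaryDirectory() as workdir:
        approved = write_sample(workdir, "approved-tool.bin", b"APPROVED-TOOL-v1")
        dev_only = write_sample(workdir, "compiler.bin", b"DEV-COMPILER-v1")
        old_bad = write_sample(workdir, "old-malware.bin", b"OLD-KNOWN-MALWARE")
        # A payload no vendor has catalogued yet, standing in for a zero day drop.
        dropped = write_sample(workdir, "dropped-by-exploit.bin", b"NEVER-SEEN-PAYLOAD")

        known_bad = {sha256_of_file(old_bad)}
        allowlist = {
            "everyone": {sha256_of_file(approved)},
            "developers": {sha256_of_file(dev_only)},
        }
        return {
            "old_bad_blacklist": blacklist_decision(old_bad, known_bad),
            "dropped_blacklist": blacklist_decision(dropped, known_bad),
            "dropped_whitelist": whitelist_decision(dropped, ["everyone"], allowlist),
            "approved_whitelist": whitelist_decision(approved, ["everyone"], allowlist),
            "compiler_for_user": whitelist_decision(dev_only, ["everyone"], allowlist),
            "compiler_for_dev": whitelist_decision(dev_only, ["everyone", "developers"], allowlist),
        }


if __name__ == "__main__":
    for name, decision in demo().items():
        verdict = "ALLOW" if decision.allowed else "DENY "
        print(f"{verdict}  {name:<20} {decision.reason}")
```

The instructive case is `dropped`: the blacklist allows it because its hash has never been seen, while the whitelist denies it for exactly the same reason. The `compiler` cases show per-user scoping: the same file is denied for an ordinary user and allowed once the developers group is in the caller's group list.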
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so passionate about the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on her website and on social media platforms.