What are Zero-Day Exploits and how to deal with them?

One of the most dreaded attacks today is the zero-day exploit. Applications have vulnerabilities, and attackers today are incentivized to exploit them. Every day a newly exploited vulnerability remains unpatched, your risk of a data breach increases dramatically. So, what is a zero-day attack and how can we deal with it?

A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network. It is known as a “zero-day” because it is not publicly reported or announced before becoming active, leaving the software’s author with zero days in which to create patches or advise workarounds to mitigate its actions. Zero time has passed since the exploitable bug’s existence was disclosed.

Similarly, an exploitable bug that has been known for thirty days is sometimes called a 30-day exploit. The lower the number of days the bug has been known, the higher the chances that it has no fix or mitigation. The more recently the exploit was published, the higher the probability that a particular instance of software afflicted with the exploitable bug has not yet been upgraded and that an attack against it is successful, because even if there is a patch, not every user of that software will apply it. For zero-day exploits, the probability that a user has patched their bugs is of course zero.

Attacks employing zero-day exploits are often attempted by hackers before or on the day that notice of the vulnerability is released to the public; sometimes before the author is aware or has developed and made available the corrected code. Zero-day attacks are a severe threat. ~ https://en.wikipedia.org/wiki/Zero-day_(computing)

One of the ways of dealing with zero-day vulnerabilities is a multi-layered approach that fully integrates with your IT defense (in depth and in breadth). How can we kick-start a security program that includes awareness, detection, response and appropriate controls, and that manages overall business risk from IT exploits?

Copyright by Steadware.com – a brand by Massive Wisdom Group Pte Ltd. If you are referencing this article, please provide a link back to this article’s url:

http://steadware.com/what-are-zero-day-exploits-and-how-to-deal-with-them

 

4 comments on “What are Zero-Day Exploits and how to deal with them?”
  1. To patch an app you need a real hacker to work for you to find vulnerabilities in your software. In other words,
    hack your own thing to find an exploit, then patch it.

  2. Route anything unusual to the network cloud to check if the thing has a problem so that it will protect you.

  3. No enterprise can be entirely protected from a zero-day attack. However, every enterprise should have a planned incident response aside from high security measures to further minimise the damage that a zero-day attack could cause.

  4. Update: Wikileaks Exposes ‘Vault 7’ — The CIA’s ‘Zero Day’ Weapon pm March 7, 2017. WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the biggest ever publication of confidential documents on the agency to date.
