Zero-day vulnerabilities are an unlocked door: study

About 80% of the exploits for a given vulnerability are already in existence by the time it is publicly disclosed, but just 70% of the vendor-provided patches, fixes, or workarounds are available and it may be months, if ever, before business systems are updated.

That is according to the latest research from the Aberdeen Group, Cyber Security in 2017 and Beyond, based on Verizon data and commissioned by McAfee. Simply put, cyber criminals can and do use old techniques — some up to a decade old — to get into many business systems because they still work. Either patches were never applied or legacy systems cannot be patched! And even in the best case, patches can take days to weeks to test and apply, leaving the door unlocked — a median of 38 days — for the various bots roaming the net to find them.

Time and complexity are also rendering traditional approaches to endpoint security — e.g., signature-based anti-virus / anti-malware solutions, and the never-ending treadmill of patch management and configuration management activities — no longer enough to provide effective protection against the full spectrum of contemporary cyber security risks. Unfortunately, the total number of public vulnerability disclosures has remained high over the past several years, as have the number of high-severity vulnerabilities and the number of known exploits.

Aberdeen’s analysis shows that being twice as fast at detection and response compared to the status quo translates to about 30% less business impact, for attacks on the confidentiality of enterprise data; and about 70% less business impact, for attacks on the availability of enterprise computing infrastructure.

McAfee colloquially says most responders are closing the barn door well after the horse has bolted.

Aberdeen Group provides four examples of how recapturing the time advantage can help organisations reduce their risk, with suggestions on counter-measures and counterstrategies.

  • Before zero-day: identification (e.g., through reputation, heuristics, and machine learning). Attackers have become increasingly adept at morphing the footprint of their malicious code to evade traditional signature-based defences. But advanced pre-execution analysis of code features, combined with real-time analysis of code behaviours, is now being used to identify previously unknown malware without the use of signatures, before it can execute.
  • After identification: containment (e.g., through dynamic application protection, and aggregated intelligence into active threat campaigns). Advanced endpoint defence capabilities now allow potentially malicious code to load into memory – but block it from making system changes, spreading to other systems, or other typically malicious behaviour. This approach provides immediate protection and buys additional time for intelligence-gathering and analysis, without disrupting user productivity.

For data centre and cloud security, some of the above endpoint tactics can be applied to the server and virtual workloads to protect against both known and unknown exploits. Aberdeen Group also suggests one can improve results through shielding and virtual patching tactics. This concept has been around for years, but is especially helpful when assets are centralised.

  • Virtual patching: Sometimes known as external patching or vulnerability shielding, it establishes a policy that is external to the resources being protected, to identify and intercept exploits of vulnerabilities before they reach their intended target. In this way, direct modifications to the resource being protected are not required, and updates can be automated and ongoing.
  • Strategic enforcement points: Design using fewer policy enforcement points (i.e., at selected points in the enterprise network, as opposed to taking the time to apply vendor patches on every system).
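As an added illustration of the virtual patching and strategic enforcement point ideas above (example code written for this article, not from the Aberdeen report or McAfee): a toy enforcement point whose rules live outside the legacy hosts they shield, so a rule can be added or replaced without modifying the protected system. Host names, rule identifiers and the sample requests are all constructed.

```python
"""Toy virtual-patching enforcement point (constructed example, not from the report)."""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VirtualPatch:
    vuln_id: str          # placeholder label, not a real advisory number
    pattern: re.Pattern   # request shape the shield intercepts
    hosts: frozenset      # unpatched backends this rule covers


@dataclass
class Shield:
    """Policy lives at the enforcement point, external to the protected servers."""
    rules: dict = field(default_factory=dict)
    blocked: list = field(default_factory=list)

    def load(self, patch: VirtualPatch) -> None:
        # Adding or replacing a rule changes nothing on the backend itself.
        self.rules[patch.vuln_id] = patch

    def allow(self, host: str, request: str) -> bool:
        for rule in self.rules.values():
            if host in rule.hosts and rule.pattern.search(request):
                self.blocked.append((host, rule.vuln_id))
                return False  # intercepted before it reaches the target
        return True


def build_shield() -> Shield:
    shield = Shield()
    legacy = frozenset({"legacy-app-1", "legacy-app-2"})  # constructed host names
    # Rule 1: traversal sequences in a request path; rule 2: an oversized header value.
    shield.load(VirtualPatch("VP-EXAMPLE-001", re.compile(r"(\.\./|%2e%2e/)", re.I), legacy))
    shield.load(VirtualPatch("VP-EXAMPLE-002", re.compile(r"^X-Legacy-Token: .{256,}$", re.M), legacy))
    return shield


def demo() -> dict:
    shield = build_shield()
    requests = {  # constructed sample traffic; one shield covers both legacy hosts
        "normal": ("legacy-app-1", "GET /reports/2017.pdf HTTP/1.1\r\nHost: legacy-app-1\r\n"),
        "traversal": ("legacy-app-2", "GET /files/../../config.ini HTTP/1.1\r\nHost: legacy-app-2\r\n"),
        "oversized": ("legacy-app-1", "GET / HTTP/1.1\r\nX-Legacy-Token: " + "A" * 300 + "\r\n"),
        "other_host": ("new-app", "GET /files/../x HTTP/1.1\r\nHost: new-app\r\n"),  # not in scope
    }
    verdicts = {name: shield.allow(h, r) for name, (h, r) in requests.items()}
    return {"verdicts": verdicts, "blocked": shield.blocked}
```

The "other_host" request passes because the rule is scoped to the unpatched hosts only, which is the point of placing policy at a few chosen enforcement points rather than on every system.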

The full 16-page report is here. 

Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry, and is smart enough to no longer own a retail computer store!