Home Security Zero-day vulnerabilities are an unlocked door: study

About 80% of the exploits for a given vulnerability are already in existence by the time it is publicly disclosed, but just 70% of the vendor-provided patches, fixes, or workarounds are available and it may be months, if ever, before business systems are updated.

That is according to the latest research from the Aberdeen Group, Cyber Security in 2017 and Beyond, based on Verizon data and commissioned by McAfee. Simply put, cyber criminals can and do use old techniques — some up to a decade old — to get into many business systems because they still work. Either patches were never applied or legacy systems cannot be patched! And even in the best case, patches can take days to weeks to test and apply leaving the door unlocked — a median of 38 days — for the various bots roaming the net to find them.

Time and complexity are also rendering traditional approaches to endpoint security — eg, signature-based anti-virus / anti-malware solutions, and the never-ending treadmill of patch management and configuration management activities — no longer enough to provide effective protection against the full spectrum of contemporary cyber security risks. Unfortunately, the total number of public vulnerability disclosures has remained high over the past several years, as have the number of high-severity vulnerabilities and the number of known exploits.

Aberdeen’s analysis shows that being twice as fast at detection and response compared to the status quo translates to about 30% less business impact, for attacks on the confidentiality of enterprise data; and about 70% less business impact, for attacks on the availability of enterprise computing infrastructure.

McAfee colloquially says most responders are closing the barn door well after the horse has bolted.

Aberdeen Group provides four examples of how recapturing the time advantage can help to reduce their risk, with suggestions on counter-measures and counterstrategies.

  • Before zero-day: identification (eg, through reputation, heuristics, and machine learning). Attackers have become increasingly adept at morphing the footprint of their malicious code, to evade traditional signature-based defences. But advanced pre-execution analysis of code features, combined with real-time analysis of code behaviours, are now being used to identify previously unknown malware without the use of signatures before it can execute.
  • After identification: containment (e.g., through dynamic application protection, and aggregated intelligence into active threat campaigns). Advanced endpoint defence capabilities now allow potentially malicious code to load into memory – but block it from making system changes, spreading to other systems, or other typically malicious behaviour. This approach provides immediate protection and buys additional time for intelligence — gathering and analysis — without disrupting user productivity.

For data centre and cloud security, some of the above endpoint tactics can be applied to the server and virtual workloads to protect against both known and unknown exploits. Aberdeen Group also suggests one can improve results through shielding and virtual patching tactics. This concept has been around for years, but is especially helpful when assets are centralised.

  • Virtual patching: Sometimes known as external patching or vulnerability shielding, it establishes a policy that is external to the resources being protected, to identify and intercept exploits of vulnerabilities before they reach their intended target. In this way, direct modifications to the resource being protected are not required, and updates can be automated and ongoing.
  • Strategic enforcement points: Design using fewer policy enforcement points (ie, at selected points in the enterprise network, as opposed to taking the time to apply vendor patches on every system)

The full 16-page report is here. 

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect