KHOI | Blog
Open-sourcing knowledge

10 ways to prevent zero-day attacks
Mon, Oct 16, 2023 · 8 min read
tech
Blog post image
Table of contents

Content

What is a zero-day?

A zero day (or 0-day) vulnerability is a security risk in a piece of software that is not publicly known about and the vendor is not aware of. These are severe security threats with high success rates as businesses do not have defenses in place to detect or prevent them. The attacker releases malware before the developer or vendor has had the opportunity to create a patch to fix the vulnerability.

The term “zero day” comes from the world of pirated digital media, since the pirated version is published zero days after the official version.

10 ways to prevent zero-day attack prevention tips

  1. Vulnerability scanning: Can detect zero-day exploits, but scanning alone isn’t enough. Organizations need to act on the results of a scan, perform code review and sanitize code accordingly. The entire process is time-consuming providing windows of opportunity to hackers.

  2. Patch management: Critical, but can be time-consuming. Enterprises with a large number of endpoints should consider streamlining patch management through automation - from identifying missing patches, to testing patches, deploying them, updates and producing reports.

  3. Firewall: A firewall reviews all incoming and outgoing network traffic based on predetermined security rules, filtering out malicious inputs that might target security vulnerabilities.

  4. Advanced threat intelligence: Invest in advanced threat intelligence services in order to get real-time info about emerging vulnerabilities.

  5. XDR/XPR: Extended Detection and Response (XDR) and Extended Prevention and Response (XPR) technology integrates data from a variety of sources to offer a comprehensive overview of an organization’s cyber security posture. This helps security teams detect and respond to threats more quickly and effectively.

  6. Cloud-specific measures: Extend your zero-day prevention efforts to cloud environments. Implement cloud-specific cyber security measures, such as Security Information and Event Management (SIEM), data encryption, configuration management best practices, cloud-native security tools and zero-trust for cloud.

  7. Consolidation: A unified security platform is essential in preventing zero-day attacks. A single solution that offers visibility and control across an organization’s entire IT ecosystem has the context and insight required to identify a distributed cyber attack.

  8. Incident response plan: Every org needs this. Include a mission statement, formal documentation around roles and responsibilities during a possible attack, a recap of primary cyber threat vectors likely to affect a given organization, policies around making payments to cyber attackers, incident classification guidelines and under what circumstances an incident must be reported to law enforcement (and how quickly).

  9. Data backups: Follow the 3-2-1 rule. Reliable backups provide peace-of-mind.

The 3-2-1 Rule: 3 copies of data on 2 different media with 1 copy being off-site.

  1. Third-party risk management: Ensure 3rd-party partners are enforcing standards that protect your business, and standardize your 3rd-party risk management (instead of using spreadsheets and consequently chasing business partners via email in the event of a major security threat).

TLDR

  1. Vulnerability scanning
  2. Patch management
  3. Firewall
  4. Advanced threat intelligence
  5. XDR/XPR
  6. Cloud-specific measures
  7. Consolidation
  8. Incident response plan
  9. Data backups
  10. Third-party risk management

References

Fortinet | What Is a Zero Day Attack?

CyberTalk.org | 10 top zero-day attack prevention tips