WatchPoint Comprehensive Cyber Security

Protection Against Zero Day Exploits

What are zero day exploits?

Zero-day exploits are security vulnerabilities in software. The term ‘zero-day’ implies that the security flaw is unknown, meaning that not a single security person knows of its existence. A flaw like this can give a hacker everything. It can give them access to your computer, your personal information, access to computers in banks, hospitals, and even a nuclear power plant.

Think of a zero-day as a master key: one that no-one knows about and that has access to every system on the internet. In fact, zero-days are sometimes built to attack systems that are offline; see Stuxnet.

If you had such a key, how much would it be worth? $1000, $100,000, $1,000,000? And who would buy it? The answers to these questions depend on several factors, but the overriding factor is how many systems it can compromise. The more systems it can compromise, the more it’s worth. The main point to take away from this is that a marketplace where these exploits are bought and sold does exist. Governments, cyber-criminals, white-hat hackers, and even brokers are all involved in the purchasing of zero-days. If you’re curious and want to know more, you should watch this documentary.

How zero day exploits affect your business

Zero-days affect all businesses. The size of your business or the size of your IT budget is irrelevant. It’s important to remember that zero-days are like a master key with the ability to break into systems and remain undetected. There are zero-days floating around the web right now that no-one knows about. One such example is the Flame virus. Flame went undetected for five years! How many viruses like Flame are floating around right now? It’s impossible to say. But they’re definitely out there, and every business should be concerned. As for the “known” malware, here is a chart that will help you visualize an alarming trend.

[Chart: total malware]

While this chart shows the amount of known malware and not zero-days, it’s probably fair to assume that the number of zero-days has followed this trend as well. There certainly aren’t 400,000,000 zero days out there, but a single zero-day has the ability to compromise millions of systems.

How are zero days discovered?

If a zero-day is not known, then how can it be discovered? Zero-days are usually only discovered after a data breach takes place. It’s not until after the damage has been done and information has been stolen that zero-days are commonly detected.

The discovery could come in the form of a watchdog group monitoring the black market for stolen credit cards, or the credit card companies themselves seeing a trend in fraudulent purchases. Armed with this information, an investigator will follow the trail of breadcrumbs back to the source of the compromise. From there a digital forensic company will get involved, and they’ll perform a detailed forensic analysis in an attempt to uncover the previously unknown exploit.

Here is a recent example: CVE-2016-1067, which was used to steal payment card information from POS systems. It successfully compromised 100 businesses that we know of.

How do you protect against zero days?

Zero-day vulnerabilities are the most difficult challenge for cybersecurity companies. And every cybersecurity company will tell you that defense-in-depth (DiD) is the best way to protect your network. But DiD is too generic and, quite frankly, isn’t the complete answer to the question. Don’t get me wrong; defense-in-depth is a strategy that your business needs to be taking seriously, but it’s not the only thing you should be doing.

Deception

Deception technology is the missing piece to your security puzzle. Deception delivers something that the other solutions can’t, which is an element of surprise. Cyber criminals want your data, so why don’t we bait that trap with data? Data that has no real value, other than being an alert system for intruders. Data that alerts you to a hacker’s presence at the moment of compromise, not hours, or days, or months later. Data is the real target of any hack, so it makes sense that we should use it to our advantage.

At WatchPoint our primary way of using deception is through a system we’ve developed called HackTraps. The HackTraps give you a distinct advantage over the attackers. You know where the HackTraps are, and they don’t! By strategically placing the HackTraps throughout your network, you ensure that your entire attack surface is covered. Whenever one of the HackTraps is accessed, an alert is immediately generated. Because the HackTraps are not accessed by normal user interaction, the number of alerts this system generates is minimal. This allows you to treat every alert as a real threat, and you won’t be bogged down with false positives.
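
The alert-on-any-access idea described above, as an added example (this is not WatchPoint's HackTraps code): it groups constructed Linux auditd records by event serial and alerts on any touch of a decoy file, including denied attempts. The decoy paths, the backup-agent exclusion and the log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Hypothetical decoy paths; no legitimate workflow should ever open these.
DECOYS = {"/srv/share/finance/passwords.xlsx", "/home/svc_backup/.aws/credentials"}
# Assumed noise source: a process that legitimately reads every file.
EXPECTED_READERS = {"/usr/bin/backup-agent"}

# Constructed sample in (trimmed) Linux auditd record format, not real telemetry.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1718000001.101:900): syscall=257 success=yes pid=4121 uid=1001 comm="cat" exe="/usr/bin/cat"
type=PATH msg=audit(1718000001.101:900): item=0 name="/srv/share/finance/budget.xlsx" nametype=NORMAL
type=SYSCALL msg=audit(1718000002.202:901): syscall=257 success=yes pid=4188 uid=1001 comm="python3" exe="/usr/bin/python3"
type=PATH msg=audit(1718000002.202:901): item=0 name="/srv/share/finance/passwords.xlsx" nametype=NORMAL
type=SYSCALL msg=audit(1718000003.303:902): syscall=257 success=yes pid=812 uid=0 comm="backup-agent" exe="/usr/bin/backup-agent"
type=PATH msg=audit(1718000003.303:902): item=0 name="/home/svc_backup/.aws/credentials" nametype=NORMAL
type=SYSCALL msg=audit(1718000004.404:903): syscall=257 success=no pid=4190 uid=33 comm="sh" exe="/usr/bin/dash"
type=PATH msg=audit(1718000004.404:903): item=0 name="/home/svc_backup/.aws/credentials" nametype=NORMAL
'''

HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log):
    """Group audit records that share an event serial into one dict per event."""
    events = defaultdict(lambda: {"paths": []})
    for line in log.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[serial]
        if rtype == "SYSCALL":
            ev.update(uid=fields.get("uid"), exe=fields.get("exe"), success=fields.get("success"))
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name"))
    return events

def decoy_alerts(log):
    """Return one alert per event that touched a decoy, failed attempts included."""
    alerts = []
    for serial, ev in sorted(parse_events(log).items()):
        hit = DECOYS.intersection(ev["paths"])
        if hit and ev.get("exe") not in EXPECTED_READERS:
            alerts.append({"serial": serial, "path": hit.pop(), "uid": ev.get("uid"),
                           "exe": ev.get("exe"), "success": ev.get("success")})
    return alerts
```

On the sample, the ordinary read of `budget.xlsx` and the backup agent's pass over the decoy stay silent, while the `python3` read and the denied `dash` attempt each raise an alert.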

Deception technology comes in many forms. It could be deception data (HackTraps), it could stop ransomware (CryptoStopper), it could be deception servers (Honeypots), or even deception networks (honeypot networks). Whichever you choose, the point is this: the attackers want your data, and it’s only a matter of time before they get it. So give them something fake and something that alerts you to their zero-day presence.

Learn more about the Deception Technology products offered by WatchPoint.