Industry analysts and security practitioners agree that the best way to protect against a zero-day threat is by instituting a defense-in-depth security strategy – layered protection from the firewall and network edge down to the host system. Security experts offer these recommendations for IT managers to consider when the organization is faced with a zero-day threat:
Monitor network behaviour. If you haven’t already done so, implement advanced intrusion prevention technologies, such as behaviour-based blocking tools, suggests Symantec’s Dean Turner. Behaviour-based intrusion prevention detects anomalies based on the behaviour of a program, and is better at detecting zero-day attacks than traditional signature-based antivirus.
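To make that contrast concrete, here is an added Python example (not from the article or from the vendors it quotes) that runs a hash-based signature check and a few behaviour rules over constructed process events; the hashes, process names and thresholds are assumed for illustration, not taken from any real product.

```python
"""Constructed toy comparing signature-based and behaviour-based detection."""
from dataclasses import dataclass, field

@dataclass
class ProcessEvent:
    image: str                 # executable name
    sha256: str                # hash of the executable (constructed value)
    parent: str                # parent process
    children: list = field(default_factory=list)
    files_written: int = 0     # files modified within the observation window
    outbound_hosts: int = 0    # distinct hosts contacted in the window

# Signature database: only samples seen before. Hashes are constructed placeholders.
KNOWN_BAD_HASHES = {"f00d" * 16: "OldWorm.A"}

# Programs that legitimately open documents but should never launch a shell (assumed list).
DOCUMENT_READERS = {"winword.exe", "acrord32.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "/bin/sh"}

def signature_verdict(ev: ProcessEvent):
    """Signature matching: knows only what it already has a hash for."""
    return KNOWN_BAD_HASHES.get(ev.sha256)

def behaviour_verdict(ev: ProcessEvent):
    """Behaviour rules: fire on what the program does, regardless of its hash."""
    reasons = []
    if ev.parent in DOCUMENT_READERS and SHELLS & set(ev.children):
        reasons.append("document reader spawned a shell")
    if ev.files_written > 500:          # threshold assumed for the example
        reasons.append("mass file modification")
    if ev.outbound_hosts > 50:          # threshold assumed for the example
        reasons.append("scanning-like outbound connections")
    return reasons

def evaluate(events):
    """Return {image: (signature_name_or_None, behaviour_reasons)} per event."""
    return {ev.image: (signature_verdict(ev), behaviour_verdict(ev)) for ev in events}

# Constructed events: a known sample, a benign process, and a never-seen "zero-day".
EVENTS = [
    ProcessEvent("oldworm.exe", "f00d" * 16, "explorer.exe", files_written=900),
    ProcessEvent("excel.exe", "c0ffee" * 10 + "abcd", "explorer.exe", files_written=3),
    ProcessEvent("update.exe", "deadbeef" * 8, "winword.exe",
                 children=["powershell.exe"], outbound_hosts=120),
]

if __name__ == "__main__":
    for image, (sig, beh) in evaluate(EVENTS).items():
        print(f"{image:12} signature={sig!s:10} behaviour={beh}")
```

The unknown sample has no matching hash, so only the behaviour rules flag it; the known sample is caught by both.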
Stay away from targets. You can better protect your organization by running less common applications, says Mikko Hypponen, chief research officer at F-Secure Corp. Instead of using Outlook for e-mail, for instance, consider using Eudora or Gmail. The more diversity there is in your applications, the better protection you will have against zero-day exploits.
Do an inventory. Know what systems are running where and make sure that all patches are up to date, says Turner. The longer that a system sits unpatched, the more likely you’ll be a target of an attack. Do what’s necessary to ensure that you are constantly informed of new vulnerabilities and exploits, he adds.
Know your weakness. Rigorous penetration testing of your IT systems can help uncover unknown vulnerabilities, says Forrester Research’s Chenxi Wang. Understanding where you’re vulnerable, and therefore knowing where the risks lie, is extremely important and will give you an idea of where you can improve your security.
When in doubt, ask. Seek guidance from your security vendor, says F-Secure’s Hypponen. You can also get insights from independent IT security organizations, such as the SANS Institute, which usually releases recommendations on various IT security issues.
Be quick. Once a patch is available, test it and roll it out as quickly as possible, says Symantec’s Turner.
Consider deploying a Web application firewall (WAF). This tool protects Web-facing applications and blocks malicious requests, explains Wang. Those with sophisticated learning capabilities can effectively block nascent threats. The Forrester analyst adds, however, that rigorous secure coding practices are still the best way to mitigate zero-day risks.