Why Your Security Program Must Include Proactive Zero-Day Defense Protection

Zero-day vulnerabilities and attacks are the phantom menace of the IT department — representing security vulnerabilities that hackers know about but no one else does.

Zero-day exploits can pose particularly harrowing threats in environments that lack stringent patching processes as well as defense-in-depth security procedures. After all, if cybercriminals unearth a zero-day vulnerability in a common and widespread operating system or application used by millions of enterprise organizations, they can attack it with malware and cause havoc worldwide.

The Internet Security Threat Report (ISTR), published by Symantec in April of 2017, notes that the number of malware variants has risen to 357 million different strains. To put that in perspective, that’s roughly one malware strain per 21 people or roughly one strain for every person online.

The real problem is one of scope: if an organization takes 200 days to successfully apply 54 zero-day patches, it is at risk. However, that risk is exponentially greater if the organization takes 200 days to patch 6,300 common vulnerabilities.

Getting serious about zero-day vulnerabilities and threats

Zero-day vulnerabilities can be all but impossible to detect. After all, they require intruders to ferret out obscure vulnerabilities in code that allow them to sneak in or exploit a system. At first glance, this is a maddening prospect in the app-driven universe of the economy: What should an organization do, then, to mitigate risk?

Actually, protecting against zero-day vulnerabilities (or the possibility of such vulnerabilities) is much like standard cyber defense: You’ll never stop every intruder, but you can still take proactive steps to minimize the risk of zero-day attacks in your environment, make yourself a more difficult target and maximize protection of your organization’s private and confidential data.

Steps you can take to fight zero days in the cloud

At OnX, we recommend a holistic information security program to reduce the risks of zero-day vulnerabilities and other unknown threats. We suggest successful organizations consider the following:

Create a robust patch management cycle. Patching software bugs must be a perpetual cycle of preparing to address threats, creating a method to detect them, getting patches installed, assessing risks, setting priorities, and testing, deploying, and verifying the effectiveness of your program.  

Explore automation. New tools are introduced every day to automate the process of finding zero-day vulnerabilities and installing patches. Find the ones that best match your operating environment.

Look at the big picture. Make sure your zero-day strategy integrates with your entire IT ecosystem. Any app or system you leave out could be the one hiding your zero-day threat.

Train and certify your cyber defense team. The more your people know about zero-day risks, the better your chances of preventing damaging breaches. If you’re adding complexity to your cloud environment, make sure everyone has the skills to deal with it.

Stay compliant. Everything you do in the cloud has to remain within the bounds of privacy and data-security laws. Just keep in mind that compliance is more of a guiding principle than a form of protection. You can be compliant without being secure.  

Choose vendors with care. The nature of online app development is to get software up and running as quickly as possible, even if that means compromising on security. Make sure you’re working with vendors who take security seriously and understand your organization’s distinct security needs.    

Keeping your environment secure from zero-day attacks

Zero-day attacks and other cybercrime tactics are getting more sophisticated all the time. While this seems daunting, frustrating, and frightening, there’s no need to give up hope. Creating a sound cyber security strategy for your cloud environment and making sure it’s always enforced can dramatically reduce your risk of a damaging breach. You also don’t have to carry the burden of risk on your own. Working with a managed security services provider that employs subject matter experts and has access to industry-leading technology can help you greatly reduce your risk without having to try to manage this on your own.

For more on fighting zero-days in the cloud — including in-depth advice on creating a sound patch-management program — check out our free whitepaper: The Zero-Day Vulnerability: Understanding and Managing Enterprise Risk.