What is a Zero Day Threat?
Zero Day threats are vulnerabilities that developers, vendors and end-users aren’t aware of until they’ve been publicly exposed. They are hidden vulnerabilities in your operating systems, applications or network infrastructure.
They are called Zero Day Threats because from the moment they become public until a new patch is released and implemented, your organization is vulnerable. Once a Zero Day exploit is public, it is added to the list of Common Vulnerabilities and Exposures (CVEs).
The Dangers of a Zero Day Threat
Once a Zero Day Threat is exposed, it can be exploited by attackers before you have a chance to implement a patch or configure your security tools to detect it. But even before it’s publicly known, the vulnerability may be part of an attacker’s arsenal – as the Shadow Brokers’ exposure of the NSA’s repository of exploits demonstrated.
When Zero Day vulnerabilities are uncovered, vendors scramble to release security patches. But they’re not always fast enough to stop attacks. Even when patches are released, they are often not applied until days or weeks later. Often, if a Zero Day Threat isn’t considered critical enough, administrators even hold off patching until the next scheduled software release, which can leave organizations exposed for extended periods.
Searching for Evidence of Zero Day Threat Attacks
By definition, it is difficult to protect against Zero Day Threats. The only way to determine for sure whether you were exposed to the vulnerability is to go back in time and analyze the related network activity. Otherwise, although you might get lucky and spot indicators of a breach, you won’t know definitively how the attackers got in.
Using Network History and Playback™ gives you the ability to go back in time and scan for attacks that might have happened before a patch was implemented or detection rules were deployed. You can rewind to the day in question, drill down to the specifics and then scan for, and identify, the vulnerability. If you find you were breached as a result of a Zero Day Threat, recorded Network History lets you hone in on that breach to see exactly how they got in and what’s been compromised.
Now you can use the security tools you use every day to go back in time and look for historical breaches. And should you find that a breach has occurred, you can deploy multiple security tools - open-source, custom or commercial applications (from our Fusion Partners) - onto the EndaceProbe Analytics Platform to look at the event from multiple viewpoints.
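The retrospective scan described above, as an added illustration that is not Endace's code or API: recorded traffic (constructed records, not real captures) is replayed through a detection rule written only after public disclosure, and each hit is tagged by whether it predates disclosure, falls in the gap before the patch was applied, or fires after patching. The rule name and marker string are hypothetical placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Record:
    ts: datetime      # time the packet was recorded
    src: str
    dst: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    name: str
    dport: int
    pattern: bytes    # signature written only after public disclosure

def _t(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed network history (not real traffic). The marker string stands in
# for whatever a real signature would match; it is a placeholder, not an exploit.
HISTORY = [
    Record(_t("2017-04-10T09:12:00"), "10.0.0.5", "10.0.0.20", 8080, b"GET /status HTTP/1.1"),
    Record(_t("2017-04-12T03:41:00"), "203.0.113.7", "10.0.0.20", 8080, b"POST /api HYPOTHETICAL-MARKER"),
    Record(_t("2017-04-20T14:00:00"), "203.0.113.7", "10.0.0.20", 8080, b"POST /api HYPOTHETICAL-MARKER"),
    Record(_t("2017-05-02T11:05:00"), "203.0.113.7", "10.0.0.20", 8080, b"POST /api HYPOTHETICAL-MARKER"),
]

def retro_scan(history, rule, disclosed, patched=None):
    """Replay recorded traffic through a rule that did not exist when the traffic
    was captured. Hits are tagged 'pre-disclosure' (true zero-day use),
    'exposure-gap' (public but not yet patched) or 'post-patch' (worth checking
    that the patch actually took effect)."""
    hits = []
    for r in sorted(history, key=lambda r: r.ts):
        if r.dport != rule.dport or rule.pattern not in r.payload:
            continue
        if r.ts < disclosed:
            phase = "pre-disclosure"
        elif patched is None or r.ts < patched:
            phase = "exposure-gap"
        else:
            phase = "post-patch"
        hits.append((phase, r))
    return hits

if __name__ == "__main__":
    rule = Rule("hypothetical-rule-1", 8080, b"HYPOTHETICAL-MARKER")
    for phase, r in retro_scan(HISTORY, rule, _t("2017-04-15T00:00:00"), _t("2017-04-28T00:00:00")):
        print(f"{r.ts.isoformat()} {r.src} -> {r.dst}:{r.dport} [{phase}]")
```

The earliest hit is the evidence the page refers to: it shows that exploitation began before the vulnerability was public, which a scan limited to the post-disclosure window would miss.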
Zero Day Threats still Represent a Serious Threat to Security
Symantec, in its 2016 Internet Security Report, suggests that bounty-hunting and more secure development processes may be reducing the threat of Zero Day vulnerabilities:
“Zero-day vulnerabilities, annual total Zero-day vulnerabilities (vulnerabilities not discovered by the software’s vendor) declined marginally from 4,066 in 2015 to 3,986 in 2016. The growing popularity of “bug bounty” programs and a greater focus on security, as part of the product development process, may mean that zero-day vulnerabilities are becoming harder to find for attackers, forcing them to move away from using them and broadening their range of tactics…”
But Zero Day Threats continue to represent a significant risk to organizations. The RAND Corporation says the average life expectancy of a Zero Day Threat is nearly seven years. A quarter of Zero Days become obsolete within a year of being discovered, but a quarter also survive for as many as 9.5 years.
The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.
How about a Demo?
Integrating Network History into your security and performance monitoring tools gives you definitive evidence at your fingertips.
Find out just how fast and accurate your investigations could be.