[BreachExchange] 7 Steps to Protect Your Company from a Zero-Day Exploit

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jul 6 19:19:29 EDT 2016


http://www.groundreport.com/7-steps-protect-company-zero-day-exploit/


As a business owner, it is crucial that you take precautions to keep your
systems safe from outside threats. “Zero-day” exploits are becoming
increasingly common: they attack a vulnerability before the vendor or the
security community even knows that it exists. This lets hackers take
advantage of the company’s lack of awareness and wreak maximum havoc in a
short period of time. Fortunately, there are ways that you can protect your
company.

Take Preventive Efforts

While it may be impossible to completely protect your company against
zero-day exploits, taking preventive efforts to try and keep your business
safe is a necessity. Preventive security practices include installing a
good firewall policy and keeping it up to date. These policies should match
the application and business needs, blocking file attachments that can be
harmful and ensuring that all systems are patched against vulnerabilities.
Systems that regularly conduct vulnerability scans are also a good way to
measure how effective your preventive procedures are.
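The firewall policy described above includes blocking attachments that can be harmful. As an added example (not code from the article), here is a Python attachment check of the kind a mail gateway applies: it refuses dangerous extensions, double extensions, and files whose leading bytes contradict their declared document type. The extension list and signature table are constructed samples, not a complete policy.

```python
from typing import Tuple

# Constructed sample policy: extensions a mail gateway blocks outright.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1"}

# Constructed subset of file signatures: leading bytes -> content kind.
MAGIC = {
    b"MZ": "executable",       # Windows PE
    b"\x7fELF": "executable",  # Linux ELF
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",      # also docx/xlsx/pptx containers
}


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes instead of trusting the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def attachment_verdict(filename: str, data: bytes) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for one attachment.

    Blocks: a dangerous extension anywhere in the name (report.pdf.exe),
    executable content regardless of name, and content whose signature
    contradicts a document extension (an MZ file named invoice.pdf).
    """
    parts = filename.lower().split(".")
    if {"." + p for p in parts[1:]} & BLOCKED_EXTENSIONS:
        return "block", f"blocked extension in {filename}"
    kind = sniff(data)
    if kind == "executable":
        return "block", f"executable content despite name {filename}"
    declared = "." + parts[-1] if len(parts) > 1 else ""
    if declared == ".pdf" and kind != "pdf":
        return "block", f"{filename} does not start with a PDF header"
    if declared in {".zip", ".docx", ".xlsx", ".pptx"} and kind != "zip":
        return "block", f"{filename} is not a ZIP container"
    return "allow", "passed attachment policy"


if __name__ == "__main__":
    # Constructed samples: a genuine PDF header, and an executable named as a PDF.
    for name, blob in [("invoice.pdf", b"%PDF-1.7\n"), ("invoice.pdf", b"MZ\x90\x00")]:
        print(name, attachment_verdict(name, blob))
```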

Use Good Anti-Virus Software

An excellent antivirus program is a good way to keep your system protected.
Make sure that any antivirus program that you choose doesn’t just protect
you against well-known threats, as zero-day attacks exploit flaws that
nobody knew about until the day they were used. So, when you choose an
antivirus program, make sure that it is designed to protect your system
from both unknown and known attacks.

Your anti-virus protection will need to contain some type of host intrusion
prevention system (HIPS), but not all of these protective systems are the
same. Many HIPS only identify threats after they are already running, and
during this time, damage can be done. The right HIPS will prevent this from
happening, identifying many threats without ever having to run malicious
code.

Invest in Real-Time Protection

While it is important to take preventive efforts to try and ward off
zero-day threats before they become a problem, you’ll also need to have a
plan in place to handle a problem if it does arise. This should involve
real-time protection like intrusion-prevention systems (IPS). An IPS should
offer comprehensive protection, but there are certain capabilities that you
will want to look for when choosing a system:

Application integrity checking
Application protocol RFC validation
Content validation
Forensics capability
Network-level protection

An intrusion prevention system can help to protect your company from
exploitation, as its rules and protocol checks can block a zero-day attack
even when no signature for it exists yet.

Use Updated Browsers

Internet Explorer, Chrome, and Firefox push out automatic browser updates
on a regular basis in order to help keep you safe from zero-day and other
exploits. These updates usually occur in the background without you ever
knowing that they’ve occurred, and they typically include patches to
correct vulnerabilities that are newly discovered. These updates will be
installed after you close and reopen your browser.

In the event that you’ve kept your Internet browser open for several days,
you could be prompted to do a manual update. If you do get one of these
notifications, it is important that you follow through with updating your
browser so that you can stay protected against zero-day exploits and other
attacks. After you run the manual update, make sure that you are restarting
your browser so that the changes will take place, providing you the
protection that you need.

Plan Your Incident Response Strategy

Even if you take precautions in order to protect your company from a
zero-day threat, you can still get infected. A well-planned incident
response strategy is crucial if the unthinkable should happen and your
system should become compromised. The best incident response strategy will
contain well-defined procedures and rules, including prioritization of
activities that are mission-critical. These activities will be crucial to
minimize business damage.

Update Your Software

Another vital way to protect yourself from zero-day attacks is to ensure
that you use the most updated software versions available. If a software
program that you trust sends you a notice that it is time to update your
version, make sure that you do it. This is especially true for critical
updates, which could include a patch to a vulnerability that was recently
discovered. Keeping your software updated will immunize your system against
the possibility of a future infection.

The best way that you can manage software updates on your system is to
allow the software to do the work for you. Operating systems and other
software programs, such as your antivirus, can be configured so that they
automatically download and install your updates. Unfortunately, not all
software will offer these automatic updates, so it is important to know
which ones will require manual updates. Adobe Reader, for example, doesn’t
offer auto updates, and instead, the icon near the clock will indicate that
an update is needed. If you see this reminder, make sure that you do the
update as soon as you can for optimal safety of your system.

Minimize the Spread

If your system is compromised by a zero-day exploit, you’ll need to take
steps to prevent the spread of the problem. This can be completed by
limiting your connections to only those that are necessary for your
business needs. This will help to control the spread of the exploit within
your organization after your company has experienced the initial infection.

So, after you have been hacked by a zero-day exploit, what exactly should
you do? While your first instinct might be to shut down all the computers
on your network, this is a bad idea. A lot of hackers can breach your
system using memory-only malware, which runs in RAM and is never written to
the hard drive. Because this type of exploit doesn’t leave a lasting data
footprint, it can be difficult to track. Shutting down your computer
network could erase the evidence that would prove helpful in tracking the
source of the exploit.
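The memory-only malware point above is why responders capture volatile state before anything is powered off. As an added example (not from the article), this Python snapshot records running processes and TCP sockets by reading Linux /proc directly, so nothing new is installed on the suspect host and the process table is not disturbed by spawning ps. SAMPLE_TCP is a constructed input used to exercise the parser; the output file name is an assumption.

```python
import json
import os
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN", "06": "TIME_WAIT"}  # subset
# Constructed sample of /proc/net/tcp: a single listener on 127.0.0.1:22.
SAMPLE_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0 100 0 0 10 0\n"
)

def decode_addr(hexaddr):
    """'0100007F:0016' (host-order IPv4 + hex port) -> '127.0.0.1:22'."""
    ip_hex, port_hex = hexaddr.split(":")
    return f"{socket.inet_ntoa(struct.pack('<I', int(ip_hex, 16)))}:{int(port_hex, 16)}"

def parse_proc_net_tcp(text):
    """Turn /proc/net/tcp text into records of local, remote, state and inode."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "state": TCP_STATES.get(f[3], f[3]), "inode": f[9]})
    return rows

def list_processes():
    """Read /proc instead of spawning ps; an exe link ending ' (deleted)' means the binary was removed from disk."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited while we were reading it
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            exe = "?"  # kernel thread, or insufficient privilege to read the link
        procs.append({"pid": pid, "exe": exe, "cmdline": cmd})
    return procs

def snapshot(out_path):
    """Write live processes and TCP sockets to out_path as JSON; return the dict."""
    with open("/proc/net/tcp") as fh:
        snap = {"processes": list_processes(), "tcp": parse_proc_net_tcp(fh.read())}
    with open(out_path, "w") as fh:
        json.dump(snap, fh, indent=1)
    return snap
```

Run `snapshot("volatile-snapshot.json")` as root on the affected Linux host and copy the file off the machine before any reboot; sockets in /proc/net/tcp can be tied back to their owning process through the inode number in /proc/PID/fd.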

Don’t leave your company’s systems vulnerable to zero-day exploits. By
taking these steps, you can avoid damage due to these newly created
vulnerabilities.