As a business owner, it is crucial that you take precautions to keep your systems safe from outside threats. “Zero-day” exploits are becoming increasingly common. A zero-day vulnerability is one that the vendor and the security community do not yet know about, so no patch exists for it; a zero-day exploit is an attack that uses that flaw during the window before it is discovered and fixed. This lets hackers take advantage of the company’s lack of awareness, allowing them to wreak maximum havoc in a short period of time. Fortunately, there are ways that you can protect your company.
Take Preventive Measures
While it may be impossible to completely protect your company against zero-day exploits, taking preventive measures to keep your business safe is a necessity. Preventive security practices include installing a good firewall policy and keeping it up to date. The policy should match your application and business needs: block file attachments that can be harmful, allow only the connections your systems actually need, and make sure that all systems are patched against known vulnerabilities. Regular vulnerability scans are also a good way to measure how effective your preventive procedures are. A scanner cannot find a flaw that nobody knows about yet, but it does show which known, unpatched weaknesses an attacker who gets in through a zero-day could use next.
Use Good Anti-Virus Software
An excellent antivirus program is a good way to keep your system protected. Make sure that any antivirus program you choose doesn’t just protect you against threats that are already well known, because a zero-day attack uses a flaw that nobody has written a signature for yet. So, when you choose an antivirus program, look for one that also detects suspicious behaviour rather than relying on known signatures alone. Be wary of any vendor that guarantees protection against unknown attacks; no product can honestly promise that.
Your anti-virus protection should include some type of host intrusion prevention system (HIPS), but not all of these protective systems are the same. Many HIPS only identify threats after they are already running, and by then damage can be done. The right HIPS blocks the exploit attempt before the malicious code runs, for example by stopping a program from doing something it never legitimately does, such as a document viewer launching a command shell.
Invest in Real-Time Protection
While it is important to take preventive efforts to try and ward off zero-day threats before they become a problem, you’ll also need to have a plan in place to handle a problem if it does arise. This should involve real-time protection like intrusion-prevention systems (IPS). An IPS should offer comprehensive protection, but there are certain capabilities that you will want to look for when choosing a system:
- Application integrity checking
- Application protocol RFC validation
- Content validation
- Forensics capability
- Network-level protection
An intrusion detection and prevention system can help to protect your company because rules that validate protocols and content can block the malformed traffic an exploit relies on, even before a signature for that specific attack exists.
Use Updated Browsers
Internet Explorer, Chrome, and Firefox receive automatic updates on a regular basis to help keep you safe from zero-day and other exploits. These updates usually download in the background without you noticing, and they typically include patches for newly discovered vulnerabilities. The update is applied the next time you close and reopen your browser.
If you have kept your browser open for several days, you may be prompted to update manually. If you get one of these notifications, follow through with the update so that you stay protected against zero-day exploits and other attacks. After the manual update, restart your browser so that the changes take effect; until you do, you are still running the old, vulnerable version.
Plan Your Incident Response Strategy
Even if you take precautions to protect your company from a zero-day threat, you can still get infected. A well-planned incident response strategy is crucial if the unthinkable happens and your systems are compromised. The best incident response strategy contains well-defined procedures and rules: who to call, how to isolate affected systems, how to preserve evidence, and which mission-critical activities get priority. These decisions, made in advance, are what keep business damage to a minimum.
Update Your Software
Another vital way to protect yourself from zero-day attacks is to ensure that you use the most up-to-date software versions available. If a software program that you trust notifies you that it is time to update, do it. This is especially true for critical updates, which may include a patch for a recently discovered vulnerability. Keeping your software updated will not make you immune, but it closes the holes attackers are most likely to use and shortens the window in which a zero-day stays exploitable once the vendor ships a fix.
The best way to manage software updates is to let the software do the work for you. Operating systems and other programs, such as your antivirus, can be configured to automatically download and install updates. Unfortunately, not all software offers automatic updates, so it is important to know which programs require manual updates. Adobe Reader, for example, can be set to only notify you rather than installing updates on its own; in that case an icon near the clock indicates that an update is waiting. If you see this reminder, run the update as soon as you can.
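What "let the software do the work" looks like on a Debian or Ubuntu server, as an added example that is not from the original article: the two apt settings that switch on unattended security updates, plus a small check that reads a copy of the configuration and reports whether both are on. It assumes a Debian-family host; the configuration path is passed in rather than hard-coded, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): audit and set the two apt
# settings that turn on automatic security updates on Debian/Ubuntu.
# Assumptions: Debian-family host; the config path is passed in so the check
# can be run against a copy of /etc/apt/apt.conf.d/20auto-upgrades.

# Return 0 when both knobs are on: package lists refreshed daily and the
# unattended upgrade run itself enabled.
auto_updates_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    upd=$(sed -n 's/^APT::Periodic::Update-Package-Lists[[:space:]]*"\([0-9]*\)";.*/\1/p' "$conf" | tail -n 1)
    upg=$(sed -n 's/^APT::Periodic::Unattended-Upgrade[[:space:]]*"\([0-9]*\)";.*/\1/p' "$conf" | tail -n 1)
    [ "${upd:-0}" -ge 1 ] && [ "${upg:-0}" -ge 1 ]
}

# Write the enabling configuration: the same two lines the unattended-upgrades
# package uses when automatic upgrades are switched on.
write_auto_updates_conf() {
    cat > "$1" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
}

# Usage (as root):
#   auto_updates_enabled /etc/apt/apt.conf.d/20auto-upgrades \
#     || write_auto_updates_conf /etc/apt/apt.conf.d/20auto-upgrades
```

A value of "0" for either setting, or a missing file, means updates are waiting on a human; run the check from your monitoring so a server that silently fell out of the automatic cycle is noticed.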
Minimize the Spread
If your system is compromised by a zero-day exploit, you’ll need to take steps to prevent the problem from spreading. Do this by limiting network connections between systems to only those that are necessary for your business needs. Such segmentation helps to contain the exploit within your organization after the initial infection, because a compromised machine can only reach the hosts it was already allowed to talk to.
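One concrete form of the "only the connections your business needs" advice, both for the firewall policy under Take Preventive Measures and for containing spread after an infection, as an added example that is not from the original article: a shell function that turns a short allow-list into an nftables egress ruleset in which everything not listed is dropped and logged. It assumes a Linux host running nftables; the allow-list format (one "proto ip port" line per destination) and the table and chain names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): generate an nftables egress
# allow-list so a compromised host can only reach the destinations the business
# needs. Assumptions: Linux with nftables; the allow-list format
# "<proto> <destination-ip> <port>" and the table name are ours.
gen_egress_ruleset() {
    allow="$1"
    cat <<'EOF'
table inet egress_control {
    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif lo accept
EOF
    # One accept rule per approved destination; anything not listed falls
    # through to the policy (drop), so the allow-list is the whole policy.
    while read -r proto ip port; do
        [ -n "$port" ] || continue          # skip blank or malformed lines
        printf '        ip daddr %s %s dport %s accept\n' "$ip" "$proto" "$port"
    done < "$allow"
    cat <<'EOF'
        log prefix "egress-denied: " drop
    }
}
EOF
}

# Usage:
#   printf 'tcp 203.0.113.10 443\nudp 192.0.2.53 53\n' > allow.txt   # constructed sample
#   gen_egress_ruleset allow.txt > egress.nft
#   nft -c -f egress.nft && nft -f egress.nft
```

The final explicit `log ... drop` rule is redundant with the chain policy, but it is what gives you a log line for every blocked connection attempt; during an incident those lines tell you which internal hosts the malware is trying to reach. Check the generated file with `nft -c -f` before loading it, and keep the allow-list under version control so a change to what a server may talk to is reviewed like any other change.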
So, after you have been hacked by a zero-day exploit, what exactly should you do? While your first instinct might be to shut down all the computers on your network, this is a bad idea. Many attackers breach systems using memory-only malware, which lives in RAM and never touches the hard drive; because this kind of exploit leaves no lasting footprint on disk, it can be difficult to track. Shutting down the machines would erase the evidence in memory that could help you trace the source of the exploit. Disconnect affected machines from the network instead, and capture what is in memory before anything is rebooted.
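Capturing the volatile evidence the paragraph above warns about, as an added example that is not from the original article: this POSIX shell function snapshots the process list, the on-disk binary behind each process, and the kernel socket tables from /proc into a directory, and separately flags processes whose executable has been deleted or lives only in memory, which is the footprint of the memory-only malware described above. It assumes a Linux host with /proc and coreutils (sha256sum); the output directory and file names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original article): snapshot RAM-resident state
# before anyone reboots or powers off a suspect machine.
# Assumptions: Linux with /proc and coreutils; output file names are ours.

collect_volatile_triage() {
    outdir="$1"
    mkdir -p "$outdir" || return 1

    # 1. Every process: pid, the binary it is running, and its command line.
    #    An exe link that reads "(deleted)" or "/memfd:" means the code now
    #    exists only in memory, exactly what a reboot would destroy.
    : > "$outdir/processes.txt"
    : > "$outdir/suspicious_exe.txt"
    for p in /proc/[0-9]*; do
        [ -r "$p/cmdline" ] || continue
        pid=${p#/proc/}
        cmd=$(tr '\0' ' ' 2>/dev/null < "$p/cmdline") || cmd='?'
        exe=$(readlink "$p/exe" 2>/dev/null) || exe='?'   # '?' = not ours to read
        printf '%s\t%s\t%s\n' "$pid" "$exe" "$cmd" >> "$outdir/processes.txt"
        case "$exe" in
            *'(deleted)'*|/memfd:*)
                printf '%s\t%s\n' "$pid" "$exe" >> "$outdir/suspicious_exe.txt" ;;
        esac
    done

    # 2. Socket tables: live connections vanish on reboot.
    for f in tcp tcp6 udp udp6; do
        if [ -r "/proc/net/$f" ]; then cp "/proc/net/$f" "$outdir/net_$f.txt"; fi
    done

    # 3. Uptime and logged-in sessions (who may be missing in minimal containers).
    cat /proc/uptime > "$outdir/uptime.txt" 2>/dev/null || true
    who > "$outdir/sessions.txt" 2>/dev/null || true

    # 4. Hash the snapshot so its integrity can be shown later.
    (cd "$outdir" && sha256sum *.txt > SHA256SUMS) || true

    # Return the number of processes captured on stdout.
    wc -l < "$outdir/processes.txt"
}

# Usage: collect_volatile_triage /mnt/evidence/host01-$(date +%Y%m%dT%H%M%S)
```

Run it as root so every process's exe link is readable, write to removable or network storage rather than the suspect disk, and only then pull the network cable. A non-empty suspicious_exe.txt is the first thing to look at; it is also the file you would have lost by powering off.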
Don’t leave your company’s systems vulnerable to zero-day exploits. By taking these steps, you can greatly reduce the damage caused by these newly discovered vulnerabilities.