Zero trust security solutions for zero-day threats

Recently, Microsoft released patches for six zero-day threats.

A zero-day threat is any threat that no well-known anti-virus, anti-malware, anti-spyware or anti-ransomware solution yet knows how to block.

No software can ever be 100% secure. Its security has been tested only against known threats or threat vectors. However, new threats occur daily, and criminal actors are looking to exploit any weakness for financial gain. A hack is when an attacker gains unauthorized access to a system by obtaining someone’s credentials or by tricking them via phishing or another attack.

An exploit is when an attacker takes advantage of a weakness in a program. Imagine a building with millions of doors and windows. Now imagine that someone discovers that one of the windows doesn’t have a lock, so anyone could enter the building at any time. This is exactly how a weakness is exploited to let an attacker enter a computer system. Of course, once the opening is discovered, it is published on the internet and all the bad actors know about it until the software is repaired. These exploits are simply latent bugs waiting to be unearthed.

Fortunately, there are some measures a firm can take to limit exposure. The first line of defense is to patch all operating systems and programs to the most recent version no less than monthly. Next, update the firmware or operating system of all devices including firewalls, wireless access points, switches, routers and servers. After that, inquire with the firm’s IT service provider about application whitelisting, anti-tamper and ring-fencing technologies.

Typical security software relies on known lists of bad actors and suspicious IP addresses, or on patterns of attacks known as heuristics, in an attempt to thwart an attack. Unfortunately, the world is creating about 700,000 new viruses, worms, and other attacks per day, so the odds of blocking them all are not in one’s favor, since the attacker only needs to be right once and IT security needs to be correct 100% of the time.

In a world where 100% security is not possible to achieve, application whitelisting works to close the gap by trusting only known programs and processes to run on a system. The list of known executables, libraries, scripts and other files that make up the operating system and programs on a new PC for the average company is about 6,000, versus the almost 300 million new variants created every year. After installation, the application whitelisting software scans the system and records the hash of each file, a fixed-length fingerprint computed from the zeros and ones that make up the program. The security administrator then approves each of these applications by its hash, or even by the signed certificate the software developer used to verify that the program is authentic.

Once the applications are known, the system is then placed into secure mode. When a system is in secure mode, only the explicitly approved executables and their libraries are allowed to operate. If new software needs to be installed or a system needs to be patched, then those installers and their payloads must be pre-approved to allow automatic installation, or the application whitelisting security must be placed in “learning” or “installation” mode to allow the install or update. Anti-tamper prevents one program from accessing the folders and registry keys of another program, thereby isolating a program’s reach within a system.
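
The learn-then-enforce cycle described above, as an added example that is not from the original article or from any particular whitelisting product: it records file hashes in learning mode, then applies default deny in secure mode. The use of SHA-256, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash file contents in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def learn_baseline(root: Path) -> dict[str, str]:
    """Learning mode: record the hash of every file under root (hash -> first path seen)."""
    baseline: dict[str, str] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        baseline.setdefault(sha256_file(path), str(path.relative_to(root)))
    return baseline


def is_allowed(path: Path, baseline: dict[str, str]) -> bool:
    """Secure mode: default deny; a file may run only if its content hash was approved."""
    return sha256_file(path) in baseline


def demo() -> dict[str, bool]:
    """Run the learn-then-enforce cycle on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"constructed sample: approved editor v1")
        (root / "helper.dll").write_bytes(b"constructed sample: approved library")
        baseline = learn_baseline(root)  # administrator approves these hashes

        # After lockdown: an unknown file, a patched binary, and a renamed approved copy.
        (root / "dropper.exe").write_bytes(b"constructed sample: never approved")
        (root / "editor.exe").write_bytes(b"constructed sample: approved editor v2")
        (root / "renamed.exe").write_bytes(b"constructed sample: approved library")
        return {p.name: is_allowed(p, baseline) for p in sorted(root.iterdir())}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:12} {'ALLOW' if allowed else 'DENY'}")
```

The patched `editor.exe` is denied until its new hash is approved, which is why updates need pre-approval or an installation mode. The decision follows file content, not file name, so the renamed copy of the approved library is still allowed.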

Finally, ring-fencing is implemented to limit the capabilities of specific programs. For instance, every Windows computer has PowerShell, which is a scripting environment, but most people don’t even know it exists. An attacker could download a self-executing mini-payload from an infected website or email that runs a small program that calls PowerShell and tells it to download a larger payload in a hidden browser session. Ring-fencing can be used to block PowerShell’s ability to access the internet, thereby stopping an attack from a program that has already been trusted. The world is becoming increasingly dangerous; ask the IT security team about implementing zero trust security solutions to keep data, people, clients and money safe from those with evil intent.

For more information, visit omnipotech.com or call (281) 768-4308.
