May 26, 2022

The Zero-Day Threat

It might sound like the next Tom Cruise action movie, but in the tech world, a zero-day threat is something a little more serious. A zero-day threat is brand-new, previously unknown malware that has only just been discovered. Malware is the catch-all term for a variety of malicious software, such as viruses, spyware, worms, Trojans, bots, ransomware, and adware. Traditional anti-virus solutions rely on a database of known threats. A threat only becomes a “known threat” after it has happened to someone and their AV provider has learned how to detect it and added it to the database.

You’re probably thinking: how can we stop something we don’t even know exists? Well, simply put, we can’t. It would be like heading into battle without knowing who (or what) the enemy is. So, while there’s currently nothing on the market that can stop a zero-day threat, there are a few tools you can employ to help minimize the risk of damage to your business.

Costs of a Zero-Day Attack

Almost all ransomware threats now are zero-day, and they do their most damage in the first 24-48 hours. Austin Germaine, a technical account manager from BT Partners, explains, “The issues that affected companies three months ago already have decryptions for them, so they’re no longer as dire a threat as they once were.”

Zero-day attacks aren’t going anywhere. In fact, they’re rapidly increasing. Mandiant Threat Intelligence observed a record number of zero-day exploits in 2021, identifying 80 exploited zero-days that year compared to just 30 in 2020. The consequences can really run amok: an attack that goes undetected can do a considerable amount of damage before you even know you need to stop it.

Zero-day attacks operate practically invisibly and can do significant damage while we’re none the wiser. It can sometimes take businesses months to detect a zero-day attack, and that’s after it has compromised IT systems around the globe. A key reason a zero-day attack can be so successful is that it presents itself as just another program. Essentially, that’s all any malware is: just another computer program. It’s what it does that makes it malware.

How Can You Prevent a Zero-Day

Cyber perils are the biggest concern for companies globally in 2022. The good news is you have several options available to help minimize the risk of a zero-day. One is the Next-Generation Antivirus (NGAV) solution. NGAV works proactively alongside its partner in crime, Endpoint Detection and Response (EDR). Working together, NGAV and EDR recognize and act on unknown threats (like a zero-day threat) and alert your IT department to unusual behavior, which is the best way to start preventing damage before it gets out of control. The big differentiator is that NGAV uses behavior-based analysis instead of the traditional database. This means that it will hopefully spot a zero-day threat by how it’s acting on the network, even if it’s not in the usual database of known threats.

You might be thinking, “Great, I’ll employ NGAV in my company, and we’ll be all set!” Well, kind of. While NGAV is an advanced level of endpoint security solution, it isn’t optimal unless it’s deployed with other solutions. There’s more you can and should do.

Sandboxing & Detonating

The other options our managed IT services team recommends are Email Advanced Threat Protection (ATP) tools or MS Defender for Office 365. The ATP tools offer two features that are just as important, if not more so, than NGAV.

  1. The first tool is called ‘Sandboxing’. This is when the tool opens an attachment or clicks on a URL before delivering it to the recipient. Then the solution examines what it does in the ‘sandbox’. This sandbox is basically testing out the attachment or the URL to find out if there’s cause for concern before the person receives it.
  2. The second tool is called ‘Detonating’. This is when the tool runs the program or “detonates” the program in an environment completely isolated from your network to see what it does and if it causes damage. Again, like sandboxing, it’s testing the program to find out if there’s a malware threat.

The core idea of these tools is that before the malware even enters your network, and whether or not it’s a known threat, it gets tested by sandboxing and/or detonating. Like NGAV, ATP uses behavior-based analysis as well. The behavior determines if it’s a threat, not whether it matches a known threat profile. Identifying the malicious behavior before it causes damage is the key to stopping a zero-day from happening in your business, and that’s what NGAV and ATP are designed to do.
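To make the difference concrete, here is an added illustration (not BT Partners' or any vendor's code) of a known-threat database lookup next to the behavior-based analysis described above for both NGAV and sandbox detonation. The event format, rule weights and threshold are assumptions, and both traces are constructed sample data.

```python
import hashlib

# Constructed "known threat" database: hashes of samples someone already reported.
KNOWN_BAD = {hashlib.sha256(b"ransomware-seen-three-months-ago").hexdigest()}

def signature_verdict(sample: bytes) -> bool:
    """Traditional AV: malicious only if this exact file is already in the database."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD

def behavior_verdict(events, threshold=5):
    """Score what a program did in a sandbox or on an endpoint (weights are assumed)."""
    renamed = {e["path"] for e in events
               if e["action"] == "rename" and e["new_ext"] != e["old_ext"]}
    scrambled = {e["path"] for e in events
                 if e["action"] == "write" and e["entropy"] >= 7.5}
    wiped_backups = any(e["action"] == "exec" and "delete shadows" in e["cmd"].lower()
                        for e in events)
    score, reasons = 0, []
    if len(renamed) >= 3:        # many files given a new extension
        score += 3
        reasons.append("mass extension change")
    if len(scrambled) >= 3:      # many files rewritten as random-looking data
        score += 3
        reasons.append("many high-entropy rewrites")
    if wiped_backups:            # recovery snapshots removed
        score += 4
        reasons.append("backup snapshots deleted")
    return score >= threshold, reasons

# Constructed trace of a never-before-seen sample (its hash is not in KNOWN_BAD).
DOCS = [f"C:/Users/a/doc{i}.docx" for i in range(4)]
NEW_SAMPLE = b"brand-new-variant"
NEW_SAMPLE_TRACE = (
    [{"action": "write", "path": p, "entropy": 7.9} for p in DOCS]
    + [{"action": "rename", "path": p, "old_ext": ".docx", "new_ext": ".locked"}
       for p in DOCS]
    + [{"action": "exec", "cmd": "vssadmin delete shadows /all /quiet"}]
)
# Constructed trace of a legitimate backup tool: compressed output looks random,
# but one weak signal alone stays under the threshold.
BACKUP_TOOL_TRACE = [{"action": "write", "path": f"D:/backup/part{i}.zip",
                      "entropy": 7.8} for i in range(4)]

if __name__ == "__main__":
    print("signature:", signature_verdict(NEW_SAMPLE))
    print("behavior: ", behavior_verdict(NEW_SAMPLE_TRACE))
    print("backup:   ", behavior_verdict(BACKUP_TOOL_TRACE))
```

The database lookup misses the new sample because nobody has reported it yet, while the behavior score flags it from what it does. The backup tool shows why several signals are combined rather than alerting on any single one.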

Why You Need Both NGAV & ATP

The layered approach is best practice for IT security. That means incorporating both ATP and NGAV into your business. NGAV is effective, but we want several different defenses that a threat has to traverse before it gets into your systems. Also, it’s important to remember that as amazing and new as NGAV is, it’s still actually the “backup” method. If NGAV has kicked in, that means something has already entered your network. ATP prevents the threat from getting into your network in the first place. Both lines of defense ensure your business is sufficiently covered in the event of a zero-day threat.

When it comes to cybersecurity, you shouldn’t take any risks. Go from risk to resiliency by deploying effective security prevention software in your company. Touch base with our problem-solving managed IT services department at BT Partners, and they can ensure your company is protected and set up for success.
