Zero-day refers to the time when a vulnerability is found in a system and the clock starts ticking for the vendor or provider to provide a patch or update. If the system’s or service’s owner is lucky, a legitimate user or white-hat hacker might uncover the exploit and report the exploit to them. If not, a rogue hacker could find the exploit, use it, or sell it on the dark web, while the business remains unaware of the vulnerability until it finds its data or resources being used for unauthorized purposes.
Whenever anyone finds a vulnerability in a piece of IT infrastructure or software, it can take days, weeks or even longer for a patch to be created, tested and published. Those patches are often installed automatically on release, especially within modern cloud systems, but many IT systems rely on human operators to check and ensure the patch doesn’t break another part of the system.
Others might not know the patch exists or that they need to manually trigger it. That can lead to delays of months, even years, with millions of cloud services, accounts and business devices vulnerable to exploits that very quickly become well-known among hackers and digital criminals.
Accelerate and secure your journey to AWS
Find out how adaptive, purpose-built security can unlock the full potential of the cloud.
VISIT THE HUB ifp.ClickDetails"The frequency of zero-day events is rising sharply, with 37 major attacks reported by August 2021, up from 22 in 2017. To counteract this threat, businesses need to understand what their responsibilities are, alongside those of cloud providers or managed service providers, to ensure their cloud remains secure and data is protected, wherever it resides.
Defending the hybrid cloud from zero-day exploits
With the hybrid cloud mixing private and public services, as well as the move to remote working, the complexity of a company’s IT footprint increases. These factors expose it to a greater risk of a zero-day exploit. Hybrid clouds also come with multiple defensive systems, across traditional tools like firewalls and antivirus solutions from legacy security or modern cloud security-focused vendors.
These tools, along with application-specific protection tools like Fortinet’s FortiCWP, help IT and security professionals bolster security. Yet all of these and the services they protect remain targets for hackers eager to find vulnerabilities in high-profile victims.
2020’s SolarWinds attack is a classic example of the damage that can be done by a zero-day hack on a cloud service provider. It saw over 18,000 customers potentially exposed by a vulnerability exploited in the company’s Orion IT monitoring over a period of weeks. Most targets were in the US, including government agencies.
Identifying and preventing zero-day attacks
Identifying a zero-day attack is by its nature a challenging task. Since manually spotting the fingerprints of an attack in the cloud is almost impossible, automated tools need to search for evidence and activity related to a breach or related attack.
If the breach has occurred, network history tools can help track down what activity took place to identify the damage and notify customers and authorities. IT and security professionals need to keep monitoring the zero-day news channels and vendor bulletins.
To prevent a zero-day attack, multiple elements need to be high on the business and IT agenda. As businesses grow and add new services, their attack surface area will only grow. At the tactical end, risk management tools will enable security teams to monitor high-priority issues and take immediate action to resolve them. Strategically, businesses need to meet their national and industry security standards with compliance for the likes of GDPR, SOX, HIPAA and the payment card industry.
Across the cloud, advanced protection can offer data security tools that will your ensure applications are correctly configured. Traffic analysis will identify unusual movements which might indicate malicious activity, while threat detection monitors the entire security infrastructure.
While much of the focus is on cloud technology to prevent a breach, within the business, human factors also need to be addressed. All users, from supervisors, managers and operators down need to be trained from onboarding about best practices for strong password use, identifying scams and malware, along with maintaining data integrity and file security. And when employees leave, IT needs to cancel their access privileges immediately.
Taking action today could save your business
The barrage of cloud services and IT must-do lists can seem confusing, especially to smaller businesses with limited IT resources. At the bare minimum, a web application firewall can provide security for cloud web applications from zero-day web exploits and other attacks. Businesses also need to rely on vendors for speedy notification and resolution of problems, with the time to deliver patches requiring shortening to cloud-era time frames rather than typical 90-day business turnarounds.
Fortunately, many zero-day vulnerabilities are patched quietly and business moves on, waiting for the one that doesn’t end well. However, another SolarWinds attack is guaranteed to happen so long as growing numbers of businesses continue to turn to the cloud without a clear idea of their security needs.
Further reading
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...