What’s all this rumbling about Zero Days? What does it all mean for me?

By Scott Hoffman

When it comes to “zero-days,” there is a lot of confusion about both their definition and their priority. At ACT Network Solutions, we follow the industry-standard term “zero-day attack.” It refers to a software or hardware vulnerability exploited by an attacker while the flaw is still unknown to the developers and to the information security community, so that no security fix or software patch has yet been made available for it. Essentially, the bad guys found a flaw in a program or device before its authors or security people knew it existed and could develop a fix for it.

Zero Day Exploits Are Real

Here is the Wikipedia definition:

“A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, one that developers have not had time to address and patch. There are zero days between the time the vulnerability is discovered (and made public), and the first attack.”

Eventually, these vulnerabilities are identified, sometimes through the vigilant work of security software developers who find the flaw before an attack can occur. Unfortunately, they are sometimes not found until hours, days or even weeks after attacks have already begun, by which time the attacks continue to infect thousands of computers around the world. Apart from vulnerabilities that hackers find and keep for their own attacks, any vulnerability found is quickly reported to the party responsible for the software so that a fix can be made. Even so, the repair usually takes several days to complete while attacks continue to occur. These vulnerabilities are not made only by small private software companies; they are often found in products from major software corporations that virtually everyone uses every day, such as the critical holes found in globally popular software like Internet Explorer, Oracle’s Java, and Adobe Acrobat and Flash Player, which are used by all web browsers.

One prime example of this was a flaw in Microsoft’s Silverlight multimedia framework, which went undiscovered for almost 4 years before a security team found it and reported it to Microsoft. The flaw was created by a hacker who notoriously sells his exploits to hackers around the world. Fortunately for Microsoft, this time he was simply trying to prove that such a vulnerability could be made and not found, and he never sold it to the rest of the hacker “community”. Microsoft had to scramble to repair the vulnerability and immediately release a NEW update to replace the previous one, removing the vulnerability before attacks could occur. Unfortunately, most of the time the hackers find and exploit the flaw first, and the publisher reacts only after the damage has already been done.

ACT Network Solutions finds these vulnerabilities using our sophisticated suite of security software products. Every day, we monitor activity on all machines used by our clients, looking for and finding any suspicious activity, which results in prompt threat detection and removal. This protects our customers and all of their precious business data, the loss of which could cripple their company if a vulnerability were exploited and attacked. We then take the necessary actions to block out any attackers until a software patch has been developed by the manufacturer to address the vulnerability.

To provide another crucial layer of protection, ACT also performs daily backups, using both incremental and complete backup images, so that any data lost or compromised by an attack can be restored. This keeps our clients’ data protected both before and after an attack might occur. If an attack does occur and data is lost, we can restore it to a point in time before the attack, resulting in continuity of business within hours instead of days or weeks. Contact us at 847-639-7000, or visit www.actnetworksolutions.com to learn more.