Turning Zero-Day into D-Day for Cybersecurity Threats

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Next

The Growing Danger of Zero-Day Threats

Even once a zero-day vulnerability has been discovered, protecting against its exploitation in real time is extremely difficult — leaving end users and companies exposed to attacks. Software patches and updated antivirus signatures are time consuming. Even newer sandbox solutions cannot block threats in real time. Solutions that apply classic machine learning technology (by using elaborate algorithms to classify a file's behavior as malicious or legitimate according to manually selected features) might do a better job at detecting against zero-day exploits, but the detection rates are still far from optimal.

"Zero-day" is a term used to describe the culprit behind many of the security breaches we hear about almost daily  in the news. But what exactly does it mean? Zero-day — the first or "zeroth" day — refers to the point in time a security hole in code is revealed to hackers or cybersecurity professionals (e.g., a developer, researcher, software programmer).

The term comes from the Warez scene (warez being slang for wares — an abbreviation for computer software) where computer underground circles distribute unauthorized releases of copyrighted work on the same day as (or even before) the original product is released.

While that is the basic definition, zero-day threat is commonly used to describe two cases:

  • Zero-Day Vulnerability: This refers to a security flaw in software, an application or operating system that has yet to be revealed to the software maker or antivirus vendors, though the vulnerability may be known to attackers. Because zero-day vulnerabilities have yet to be discovered, the vulnerability is not yet protected by a known signature or patch, leaving companies vulnerable to attacks.
  • Zero-Day Exploit: This refers to code that attackers use to trigger the zero-day vulnerability to execute their malicious action into the vulnerable software, application or operating system. Since this is done unbeknownst to the victim, it is a critical cybersecurity threat.

In this slideshow, Guy Caspi, CEO of Deep Instinct, takes a closer look at the explosion of zero-day threats and how deep learning can help organizations better protect their valuable cyber assets.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Security117-190x128.jpg 5 Steps to Protect Executives from a Whale-Phishing Attack

Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly-valuable information. ...  More >>

Security116-190x128.jpg 5 Common Failures Companies Make Regarding Data Breaches

Five common failures companies make when preparing for, and responding to, a data breach, as well as guidance for companies on how they can tackle these issues. ...  More >>

Security115-290x195 Data-Centric Approach Starves Data-Hungry Cybercriminals

Incorporating security capabilities such as encryption, better control and management and a data security framework will help alleviate the burden breaches place on the organization and people's lives. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.