Protecting against zero-day vulnerabilities has always been a challenge for organizations. It can feel like climbing a mountain with no summit. But two changes in the threat landscape have made these threats even more dangerous.
First, attackers have shifted from targeting vulnerabilities in web browsers to going after server-side software such as Microsoft Exchange, web servers and remote access products. The top 20 exploits blocked by Symantec in 2021 all targeted servers.
Second, once a zero-day becomes public, attackers exploit it faster than organizations can update their software. Take Log4j, a widely used Java-based logging library found in countless server applications. Its critical vulnerability (CVE-2021-44228, better known as Log4Shell) was disclosed in early December 2021. Attackers were so focused on taking advantage of it that by the end of the month Symantec had blocked more attempts to exploit Log4j than any other vulnerability in 2021.
The situation is challenging. Patch management is critical, but it is not enough on its own, because the window between disclosure and exploitation is now shorter than most patch cycles. Here are four additional things you can do.
Keep Training Your Employees
While attackers now favor servers, exploits aimed at end-user software have not gone away, and employees still need regular training to recognize phishing and social engineering. A single click on a malicious link or attachment, or a visit to a compromised web site, combined with a browser or document-reader exploit, is still enough to get malicious software into the corporate network.
Add Vulnerabilities to Your Threat Intelligence
There are a lot of threat intelligence products out there, offering a wide array of features, and the deep insight these feeds provide on threats is genuinely useful. But when evaluating threat intelligence, don't forget vulnerabilities. You want a feed you can filter against an inventory of the software you actually run, so that it alerts you when a vulnerability (especially one already being exploited) affects a product you use, rather than burying that alert among thousands of irrelevant ones. Forewarned is forearmed.
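The filtering described above, as an added example that is not code from the original post or from any Symantec product: a vulnerability feed is matched against a software inventory and only the advisories that affect installed versions are raised, ranked by exploitation status and exposure. The feed schema, field names, inventory hosts and the `EXAMPLE-0001` entry are constructed for this example; the Log4Shell entry uses the real CVE id and affected range.

```python
"""Filter a vulnerability feed against a software inventory.

Added example, not code from the original post or from any Symantec
product. The feed schema, field names and inventory are assumptions
built for this example; the Log4Shell entry uses the real CVE id and
version range, the other entry is a constructed placeholder.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1). Pre-release tags such as '2.0-beta9' are
    cut off at the dash, so beta ordering is not modelled here."""
    return tuple(int(p) for p in re.findall(r"\d+", text.split("-")[0]))


@dataclass(frozen=True)
class Advisory:
    cve: str
    vendor: str
    product: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive), "" if none yet
    cvss: float
    exploited: bool   # known exploited in the wild


@dataclass(frozen=True)
class Asset:
    host: str
    vendor: str
    product: str
    version: str
    internet_facing: bool


def affected(adv: Advisory, asset: Asset) -> bool:
    """True when the asset runs the advisory's product in the affected range."""
    if (adv.vendor, adv.product) != (asset.vendor, asset.product):
        return False
    v = parse_version(asset.version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed and v >= parse_version(adv.fixed):
        return False
    return True


def priority(adv: Advisory, asset: Asset) -> float:
    """Simple ranking: base CVSS, plus a bump for in-the-wild exploitation
    and another for internet exposure. The weights are arbitrary choices."""
    return adv.cvss + (3.0 if adv.exploited else 0.0) + (2.0 if asset.internet_facing else 0.0)


def match(feed: List[Advisory], inventory: List[Asset]) -> List[Tuple[float, str, str, str]]:
    """Return (priority, cve, host, version) for every affected asset, highest first."""
    hits = [(priority(a, s), a.cve, s.host, s.version)
            for a in feed for s in inventory if affected(a, s)]
    return sorted(hits, reverse=True)


# Constructed sample feed: one real entry (Log4Shell) and one placeholder id.
FEED = [
    Advisory("CVE-2021-44228", "apache", "log4j-core", "2.0-beta9", "2.15.0", 10.0, True),
    Advisory("EXAMPLE-0001", "example", "widgetd", "1.0", "1.4", 7.5, False),
]

# Constructed sample inventory.
INVENTORY = [
    Asset("web01", "apache", "log4j-core", "2.14.1", True),
    Asset("app02", "apache", "log4j-core", "2.17.1", False),
    Asset("batch03", "apache", "log4j-core", "2.11.2", False),
    Asset("db01", "example", "widgetd", "1.4", False),
]

if __name__ == "__main__":
    for prio, cve, host, version in match(FEED, INVENTORY):
        print(f"{prio:5.1f}  {cve:16}  {host:8}  {version}")
```

Run as a script it lists only web01 and batch03: app02 is already on a fixed release and db01 sits exactly on the fixed version, so neither produces an alert. The internet-facing host sorts first, which is the ordering a patch queue should follow.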
Demand Transparency From Your Suppliers
We'll never have bug-free software, so start by having your vendors explain their policies and procedures around software vulnerabilities. Have they published responsible disclosure guidelines? Do they have a simple and easy way to report vulnerabilities? How do they deliver patches for affected products, and how quickly? Ask your vendors these questions, and hold them accountable for the answers.
The next step is to ask about their secure coding practices and how they protect you against supply chain attacks. Secure coding is an evolving discipline, and nobody has all the answers yet. Smart vendors view it as a journey, not a destination, so look for a plan focused on constant, incremental improvement.
Harden Your Servers
Servers are under attack. They can be exploited as a gateway into an organization, and they hold the data attackers want to steal. Hardening them against zero-days is a critical part of a proactive defense, and the principle is simple: an exploit needs the compromised process to do something it does not normally do, such as spawn a shell, write to a system directory or make an unexpected outbound connection. Policies that restrict a server process to the behavior it actually needs break that chain regardless of which vulnerability was used to get in.
Symantec Data Center Security (DCS) was designed around this kind of hardening, protecting your servers even before patches are deployed. As an example, take Log4j. DCS had multiple policies in place that prevented Log4j, like other vulnerabilities before it, from being exploited on the servers it protected.
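A pre-patch mitigation of the kind the paragraph describes, as an added example that is not code from the original post and not how DCS works: the stopgap Apache published for CVE-2021-44228 was to remove `JndiLookup.class` from `log4j-core` so the lookup path an attacker's `${jndi:...}` string triggers no longer exists. The script below finds jars on a host, decides from the manifest version whether each one is in the affected range, and rewrites only those. The jars built by `demo()` are constructed samples with placeholder class bytes, and the directory layout is an assumption.

```python
"""Find log4j-core jars on a host and neutralize the Log4Shell lookup path.

Added example, not code from the original post and not how DCS works.
Implements Apache's published stopgap for CVE-2021-44228 (remove
JndiLookup.class) as a bridge until the patched release is deployed.
The jars built by demo() are constructed samples; paths are assumptions.
"""
import os
import re
import tempfile
import zipfile
from typing import Dict, Iterator, Optional, Tuple

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIRST_FIXED = (2, 15, 0)   # first release that fixed CVE-2021-44228


def parse_version(text: Optional[str]) -> Optional[Tuple[int, ...]]:
    """'2.14.1' -> (2, 14, 1); None when the manifest carried no version."""
    if not text:
        return None
    return tuple(int(p) for p in re.findall(r"\d+", text.split("-")[0]))


def jar_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Read Implementation-Version from the jar manifest, if present."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan_jar(path: str) -> Dict[str, object]:
    """Version, JndiLookup presence, and whether that combination is in the
    CVE-2021-44228 range. Fixed releases still ship the class (restricted),
    so presence alone is not a verdict; unknown version + class = vulnerable."""
    with zipfile.ZipFile(path) as zf:
        version = jar_version(zf)
        has_jndi = JNDI_CLASS in zf.namelist()
    v = parse_version(version)
    vulnerable = has_jndi and (v is None or v < FIRST_FIXED)
    return {"path": path, "version": version, "jndi_lookup": has_jndi, "vulnerable": vulnerable}


def find_jars(root: str) -> Iterator[str]:
    """Walk root for .jar files. Jars nested inside WAR/EAR files are not
    opened here; a real scan must recurse into those as well."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                yield os.path.join(dirpath, name)


def neutralize_jar(path: str) -> bool:
    """Rewrite the jar without JndiLookup.class; True if it was removed.
    The copy is written beside the original and swapped in with os.replace,
    so an interrupted run leaves the original intact. Restart the JVM
    afterwards: classes already loaded stay in memory."""
    tmp = path + ".tmp"
    with zipfile.ZipFile(path) as src:
        if JNDI_CLASS not in src.namelist():
            return False
        with zipfile.ZipFile(tmp, "w") as dst:
            for info in src.infolist():
                if info.filename != JNDI_CLASS:
                    dst.writestr(info, src.read(info.filename))
    os.replace(tmp, path)
    return True


def build_sample_jar(path: str, version: str, with_jndi: bool) -> None:
    """Constructed sample jar: a manifest plus placeholder class entries."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")


def demo() -> Dict[str, object]:
    """Build two sample jars, scan, neutralize only the vulnerable one, rescan."""
    lib = os.path.join(tempfile.mkdtemp(prefix="log4j-demo-"), "app", "lib")
    build_sample_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1", True)
    build_sample_jar(os.path.join(lib, "log4j-core-2.17.1.jar"), "2.17.1", True)  # fixed release, class still present
    before = {os.path.basename(p): scan_jar(p) for p in find_jars(lib)}
    fixed = [os.path.basename(p) for p in find_jars(lib)
             if scan_jar(p)["vulnerable"] and neutralize_jar(p)]
    after = {os.path.basename(p): scan_jar(p) for p in find_jars(lib)}
    return {"before": before, "neutralized": fixed, "after": after}


if __name__ == "__main__":
    result = demo()
    for stage in ("before", "after"):
        for name, info in sorted(result[stage].items()):
            print(stage, name, info["version"], "VULN" if info["vulnerable"] else "ok")
    print("neutralized:", result["neutralized"])
```

Apache's own one-liner, `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`, does the same rewrite by hand. Either way this is a bridge, not a fix: it needs a JVM restart to take effect, misses jars embedded in WAR and EAR archives unless the scan recurses into them, and the patched release still has to be deployed.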
Of course, DCS does a lot more. It delivers comprehensive server protection, with visibility, compliance, monitoring and management across a broad array of operating systems, including legacy servers.
Today the threat from vulnerabilities is as high as it has ever been, and proactive protection is critical. For information on how Symantec can help, contact us.