What are zero day threats?
The term zero day threats refer to a class of security vulnerabilities that are detected in a system or device but have yet to be patched by the vendor community.
What is the impact of zero day threats?
Typically targeted towards a specific company, device, or application, a successful zero day attack can inflict significant damage across an organisation. For example, DataProt reports that ransomware attacks are expected to occur every 11 seconds and cost over $20 billion globally per annum. Experience indicates that threat actors target organisations with multiple interconnected systems, security flaws, deep pockets, and the willingness to pay to restore business services.
Between the time of discovery until the vendor issues a patch, cybercriminals race to exploit the vulnerability. A study by Cisco states that 5% of vulnerabilities are remediated within one month of discovery, while 67% are resolved within three months. Over 16% remain open for a whole year or more. The same study found that a whopping 95% of assets contain at least one highly exploitable vulnerability.
Relying solely on vendors to repair your systems gives threat actors immense opportunities to access and exploit them. Furthermore, the increase in digital transformation processes across modern companies has led to the rapid expansion of the attack surface and, in turn, its attractiveness to bad actors.
Through its best-in-class research and threat protection platform, Trend Micro can enable organisations to mitigate risk and avoid costly damage.
The importance of global research in mitigating zero day threats
The cyber landscape is increasing in diversity and scale with more applications, devices, and networks storing and transmitting more information than ever before. This ever-expanding attack surface presents cybercriminals with more initial attack vectors to exploit. Most of these attacks target either an entire company’s infrastructure or part of the infrastructure that contains a weakness.
Consider all the devices that are a part of the internet of things (IoT). For example, a vulnerability in a connected medical device can allow malicious actors entry and the ability to move horizontally through a hospital’s infrastructure and launch a ransomware attack. The most effective ways to mitigate these types of risks come from early detection methods made possible through continuous investigation.
Trend Micro™ Research directs resources towards collecting and analysing information that can be indicative of potential threats. Using artificial intelligence (AI) and machine learning (ML), this cybersecurity research team sifts through vast amounts of data to identify tangible and potential threats in real time. These teams build on knowledge of threat patterns gained over years of global intelligence to pick the essential snowflakes out of the information blizzard.
Knowing how and why attacks work is key to anticipating the next step and aids the creation of preventative measures. Attacks may take its form by developing a variation of an existing attack, or they may be a targeted attack on a company with similar infrastructure to one that was previously attacked.
Trend Micro leverages this threat intelligence when analysing customer traffic to detect potential vulnerabilities, remediate them, and harden the infrastructure by limiting interconnectivity. This is done by implementing the “principle of least privileges” for access. With over 450 internal researchers and data scientists networked across the world, Trend Micro can address global and regional specific threats and attacks, while working with national and international authorities to stop cyber threats.
Prevention, detection, and response are crucial steps towards mitigating zero day risks. After identifying a zero day vulnerability, it’s a race against time to block it.
Additional methods to protect against zero day vulnerabilities
Virtual patching implements protection in production environments to detect and block suspicious activity and remove the paths between the malware and its target. As part of regular security functions, these capabilities protect against known and unknown threats.
Here’s how cloud-native virtual patching augments an organisation’s existing security technologies as well as vulnerability and patch management policies:
- Prevents the risk of a successful breach or attack. Virtual patching keeps your applications protected until a vendor-supplied patch is released or while the patch is being tested and applied.
- Buys additional time. Virtual patching gives security teams the time needed to assess the vulnerability and test and apply the necessary and permanent patches. For in-house applications, virtual patching provides time for software developers and programmers to fix flaws in their code.
- Avoids unnecessary downtime. Virtual patching provides enterprises more freedom to enforce their patch management policies on their own schedule. This mitigates the potential revenue loss caused by unplanned or superfluous disruptions in business operations.
- Improves regulatory compliance. Virtual patching helps organisations meet timeliness requirements, such as those imposed by the EU General Data Protection Regulation (GDPR) and Payment Card Industry (PCI).
- Provides an additional layer of security. Virtual patching provides security controls to components in the IT infrastructures for which patches are no longer issued (e.g., legacy systems and end-of-support OSs like Windows Server 2008) or are prohibitively costly to patch.
- Provides flexibility. Virtual patching reduces the need to roll out workarounds or emergency security patches. It eases the task, for instance, of gauging specific points in the network that require patching (or if a patch needs to be applied to all systems).
- Customer-wide protection. With cloud-native virtual patching, IT teams don't need to worry about maintaining the patching system itself. Cloud-native systems streamline the patching process allowing all their customers to be protected.
For cloud or hybrid infrastructure organisations, Trend Micro Cloud One™ – Workload Security uses Trend Micro search capabilities to detect hosts where suspicious activity may be occurring. Preventative measures in the form of rules, filters, and detection capabilities for additional levels of protection. Furthermore, Workload Security provides trusted domain filtering, only allowing traffic from known and trusted domains while allowing access by location through geolocation and domain filtering. This allows organisations to shrink their digital attack surface by limiting a variety of threats.
MITRE is a not-for-profit organisation that works to solve problems for a safer world. MITRE ATT&CK, a globally available free database used to create threat models, mitigates the threat of cyberattacks. The MITRE ATT&CK cybersecurity software evaluation cited Trend Micro as providing exceptional attack protection.
Trend Micro Cloud One™ – Network Security can protect against zero day threats like Log4j. Security teams can leverage cloud-native threat and vulnerability detection and protection by inspecting and filtering ingress and egress traffic. Designed to work with all public cloud providers, Network Security scans, discovers, and thwarts threats while providing the necessary information to restore protection and guard against attacks.
Network Security leverages information provided by Trend Micro Research and the Trend Micro™ Zero Day Initiative™ (ZDI) so you can take advantage of virtual patching. This limits the widening of your attack surface and restores post-threat PCI compliance.
Staying one step ahead of cybercriminals
Zero day exploits are unknown until they inflict damage. The primary way to protect the cyber community is through extensive research, developing preventative measures, and incorporating this information into solutions that can implement these measures.
ZDI brings together an entire vendor agnostic community to help hunt and detect the latest software vulnerabilities. With the information gained on the latest reported vulnerabilities, Trend Micro can quickly implement virtual patching technology to protect customers' applications and infrastructure.
Trend Micro mitigates zero day attacks through research, solutions, and community participation while Trend Micro Cloud One™ solutions have built-in zero day protection to reduce the risk of vulnerabilities, giving you peace of mind with continuous protection your assets.
Find more information on how Trend Micro secures your environment by utilising decades of security expertise, global threat research, and continuous innovation.