How can we detect A zero day attack?

Question added by Saiju Sam George, Information Security & ICT Manager, FutureBank
Posted: 2016/02/16
By Devendra Sharma, Senior Consultant, Wipro

Hybrid-based techniques that combine heuristics with various combinations of defense techniques, such as statistical-based techniques for the detection of exploits, signature-based defense techniques, and behavior-based defense techniques.

By himanshu gupta, Senior Consultant, XYZ

When we talk about zero day attack, our traditional IPS (intrusion prevention system) and antivirus solution will not be helpful in preventing such attacks or minimizing the damages from such attacks because they trigger based on the existing signatures. Below are the two approaches which are helpful in preventing/minimizing damage from zero day attacks: 

1) Defense in depth approach: Use of multiple layers of security, from the perimeter to the endpoint. For example, at the perimeter of the network you can deploy a layer 7 firewall along with an IPS (intrusion prevention system) solution, and at the endpoint level (user laptops/desktops) a DLP (data leakage prevention) solution can be deployed with an antivirus solution. Do ensure that the signatures in IPS and antivirus devices as well as patches (both OS and application) are regularly updated. Also, other security solutions for web and email traffic filtering shall be used.

2) Use of analytical tools: Analytical tools like SIEM (Security Incident and Event Management) and APT (Advanced Persistent Threat) can be helpful in preventing the damage from zero day attacks as they monitor the behavior of the network and endpoints (user machines). Any suspicious behavior can be blocked/alerted based on the configuration of these tools.

By Abdullah Al-Hamed, IT Specialist, Saudi Airlines

There are a few steps and measures that could help to reduce the exposure to Zero Day based attacks:

Never install unnecessary software: each piece of software installed on your system is a window of entry for a potential Zero Day. It’s recommended that you review the list of software once in a while and uninstall those that you no longer use.

Keep updated: the software that you keep should always be updated to the latest version.

Use a reliable firewall: if it is impossible to detect a malware that comes from an unknown vulnerability, maybe we could detect a suspicious connection and stop it before it’s too late.
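The layered detection described in this thread (Devendra Sharma's hybrid of signature, behavior and statistical techniques, himanshu gupta's point 2 on tools that alert on suspicious endpoint behavior, and Abdullah Al-Hamed's point about catching a suspicious connection rather than the unknown malware itself), as one added Python example that is not from any of the answers. The hosts, processes, addresses, log lines and the KNOWN_BAD_IPS indicator set are all constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample logs (not real data): "host process dst_ip dst_port bytes_out"
BASELINE_LOGS = [
    "ws01 outlook.exe 10.0.0.5 443 1200",
    "ws01 outlook.exe 10.0.0.5 443 1350",
    "ws01 chrome.exe 93.184.216.34 443 5400",
    "ws01 chrome.exe 93.184.216.34 443 4800",
    "ws02 chrome.exe 93.184.216.34 443 6100",
    "ws02 chrome.exe 93.184.216.34 443 5900",
]
NEW_LOGS = [
    "ws01 chrome.exe 93.184.216.34 443 5000",    # within the learned norm
    "ws01 winword.exe 198.51.100.7 8080 900",    # process/port never seen on ws01
    "ws02 chrome.exe 203.0.113.9 443 6000",      # destination on the indicator list
    "ws02 chrome.exe 93.184.216.34 443 400000",  # known pair, abnormal volume
]
KNOWN_BAD_IPS = {"203.0.113.9"}  # constructed stand-in for a signature/IOC feed

def parse(line):
    host, proc, ip, port, nbytes = line.split()
    return {"host": host, "proc": proc, "ip": ip, "port": int(port), "bytes": int(nbytes)}

def build_baseline(lines):
    """Learn, per host, the (process, port) pairs seen and the outbound byte volumes."""
    pairs, volumes = defaultdict(set), defaultdict(list)
    for e in map(parse, lines):
        pairs[e["host"]].add((e["proc"], e["port"]))
        volumes[e["host"]].append(e["bytes"])
    return pairs, volumes

def detect(lines, baseline, bad_ips, z=3.0):
    """Return (line, reason) for each event that trips the signature, behaviour or statistical layer."""
    pairs, volumes = baseline
    alerts = []
    for line in lines:
        e = parse(line)
        if e["ip"] in bad_ips:  # signature layer: exact match on a known indicator
            alerts.append((line, "signature: destination on indicator list"))
        elif (e["proc"], e["port"]) not in pairs[e["host"]]:  # behaviour layer
            alerts.append((line, "behaviour: process/port never seen on this host"))
        else:  # statistical layer: z-score on this host's outbound volume
            vol = volumes[e["host"]]
            mean, sd = statistics.mean(vol), statistics.pstdev(vol)
            if sd and e["bytes"] > mean + z * sd:
                alerts.append((line, "statistical: outbound volume outlier"))
    return alerts

ALERTS = detect(NEW_LOGS, build_baseline(BASELINE_LOGS), KNOWN_BAD_IPS)
```

The signature layer only fires on what is already known; the second and third lines of NEW_LOGS are the ones a signature-only IPS or antivirus would miss, and they are caught purely from deviation against the per-host baseline.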
