
How can we detect a zero-day attack?

Question added by Saiju Sam George , Information Security & ICT Manager , FutureBank
Date Posted: 2016/02/16
by Devendra Sharma , Senior Consultant , Wipro

Hybrid-based techniques that combine heuristics with various combinations of defense techniques, such as: statistical-based techniques for the detection of exploits, signature-based defense techniques and behavior-based defense techniques.

by himanshu gupta , Senior Consultant , XYZ

When we talk about zero-day attacks, our traditional IPS (intrusion prevention system) and antivirus solutions will not be helpful in preventing such attacks or minimizing the damage from them, because they trigger based on existing signatures. Below are two approaches which are helpful in preventing/minimizing damage from zero-day attacks:

1) Defense in depth approach: use multiple layers of security, from the perimeter to the end point. For example, at the perimeter of the network you can deploy a layer 7 firewall along with an IPS (intrusion prevention system) solution. At the end point level (user laptops/desktops), a DLP (Data Leakage Prevention) solution can be deployed along with an antivirus solution; ensure that the signatures in IPS and antivirus devices, as well as patches (both OS and application), are regularly updated. Also, other security solutions for web and email traffic filtering should be used.

2) Use of analytical tools: analytical tools like SIEM (Security Incident and Event Management) and APT (Advanced Persistent Threat) solutions can be helpful in preventing damage from zero-day attacks, as they monitor the behavior of the network and end points (user machines). Any suspicious behavior can be blocked/alerted on, based on the configuration of these tools.

by Abdullah Al-Hamed , IT Specialist , Saudi Airlines

There are a few steps and measures that could help to reduce the exposure to zero-day based attacks:

Never install unnecessary software: each piece of software installed on your system is a window of entry for a potential zero-day. It's recommended that you review the list of software once in a while and uninstall those that you no longer use.

Keep updated: the software that you keep should always be updated to the latest version.

Use a reliable firewall: if it is impossible to detect malware that comes from an unknown vulnerability, maybe we could detect a suspicious connection and stop it before it's too late.
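Pulling the three answers together (the hybrid signature/statistical/behavior heuristics in the first answer, behavior monitoring by a SIEM in the second, and flagging suspicious connections at the firewall in the third), here is an added example that is not code from this thread or from any of the posters: a small Python scorer that layers a signature check, a statistical baseline check and two behavior rules over constructed endpoint/network events. The event format, the weights, the thresholds, the regex and the hostnames are all assumptions made for the example; the point is that event 4 carries no known signature and no volume anomaly, yet still crosses the alert line on behavior alone, which is what a zero-day would look like to a signature-only tool.

```python
"""Hybrid zero-day detection sketch (added example, not the thread's code):
score events with signature, statistical and behaviour layers."""
import math
import re
from collections import defaultdict

# Constructed baseline traffic for host ws-01 (assumed format, made-up values)
BASELINE = [
    {"host": "ws-01", "dst": "intranet.example", "bytes": 1000},
    {"host": "ws-01", "dst": "updates.example", "bytes": 1100},
    {"host": "ws-01", "dst": "intranet.example", "bytes": 1200},
    {"host": "ws-01", "dst": "updates.example", "bytes": 1300},
    {"host": "ws-01", "dst": "intranet.example", "bytes": 1400},
]

# Constructed events to score (assumed format, made-up values)
EVENTS = [
    {"id": 1, "host": "ws-01", "dst": "intranet.example", "bytes": 1200,
     "parent": "explorer.exe", "proc": "chrome.exe", "cmdline": "chrome.exe"},
    {"id": 2, "host": "ws-01", "dst": "updates.example", "bytes": 1250,
     "parent": "explorer.exe", "proc": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"id": 3, "host": "ws-01", "dst": "intranet.example", "bytes": 250000,
     "parent": "explorer.exe", "proc": "chrome.exe", "cmdline": "chrome.exe"},
    {"id": 4, "host": "ws-01", "dst": "203.0.113.7", "bytes": 1300,
     "parent": "winword.exe", "proc": "cmd.exe", "cmdline": "cmd.exe /c whoami"},
]

# Signature layer: patterns for already-known bad activity (illustrative)
SIGNATURES = {
    "encoded-powershell": re.compile(r"powershell.*-(enc|encodedcommand)\b", re.I),
}
# Behaviour layer: parent/child pairs that rarely occur legitimately (illustrative)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}

# Weights and thresholds are assumptions chosen for the example
WEIGHTS = {"signature": 5, "statistical": 3, "new_destination": 1, "office_spawns_shell": 2}
ALERT_THRESHOLD = 3
Z_THRESHOLD = 3.0


def build_baseline(records):
    """Per-host mean/std of bytes per connection, plus destinations already seen."""
    per_host = defaultdict(list)
    known = defaultdict(set)
    for r in records:
        per_host[r["host"]].append(r["bytes"])
        known[r["host"]].add(r["dst"])
    stats = {}
    for host, values in per_host.items():
        mean = sum(values) / len(values)
        var = sum((v - mean) ** 2 for v in values) / len(values)
        stats[host] = (mean, math.sqrt(var))
    return stats, known


def signature_reasons(ev):
    return [name for name, rx in SIGNATURES.items() if rx.search(ev["cmdline"])]


def statistical_reasons(ev, stats):
    mean, std = stats.get(ev["host"], (None, None))
    if mean is None or std == 0:
        return []  # no baseline for this host: the statistical layer stays silent
    z = (ev["bytes"] - mean) / std
    return ["bytes z-score %.1f" % z] if z > Z_THRESHOLD else []


def behaviour_reasons(ev, known):
    reasons = []
    if ev["dst"] not in known.get(ev["host"], set()):
        reasons.append("new_destination")
    if ev["parent"].lower() in OFFICE_APPS and ev["proc"].lower() in SHELLS:
        reasons.append("office_spawns_shell")
    return reasons


def score_event(ev, stats, known):
    """Sum the three layers; any single layer can push an event over the line."""
    score, reasons = 0, []
    for name in signature_reasons(ev):
        score += WEIGHTS["signature"]
        reasons.append("signature:" + name)
    for r in statistical_reasons(ev, stats):
        score += WEIGHTS["statistical"]
        reasons.append("statistical:" + r)
    for r in behaviour_reasons(ev, known):
        score += WEIGHTS[r]
        reasons.append("behaviour:" + r)
    return {"id": ev["id"], "score": score,
            "alert": score >= ALERT_THRESHOLD, "reasons": reasons}


def analyze(events=EVENTS, baseline=BASELINE):
    stats, known = build_baseline(baseline)
    return [score_event(ev, stats, known) for ev in events]


if __name__ == "__main__":
    for result in analyze():
        print(result)
```

Running it, event 1 scores 0 (normal), event 2 alerts on the signature alone, event 3 alerts on the byte-count z-score (a large upload to an otherwise familiar destination), and event 4 alerts with no signature and normal volume, purely because an office application spawned a shell that reached a never-seen destination. In a real SIEM the baseline would be built per host over days rather than five records, and the weights tuned against the false-positive rate, but the layering is the same.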
