This document is intended for information security and information technology professionals interested in understanding Zero-day attacks, the protection schemes available today, and how Top Layer Networks' Intrusion Prevention System solutions provide the best mechanisms for protection against these types of attacks.
Executive Summary
The network security landscape is dynamic, with new remotely exploitable vulnerabilities constantly being discovered and exploited. According to SearchSecurity.com, the rate of newly discovered system and software vulnerabilities tripled between 2001 and 2003, reaching 60 per month, and new viruses appeared at a rate of 10 to 15 per month. IT organizations struggle to patch systems before significant damage or theft of assets takes place. Network protection solutions such as Network Intrusion Prevention Systems (IPS) are needed to protect vulnerable systems until patches have been installed across the entire infrastructure: updating signatures on a few IPS devices so that they detect and block an exploit is faster than patching every affected server, and buys time until all systems can eventually be patched.
Zero-day exploits, however, present an even bigger challenge:
- Even with consistent patching of servers, a vulnerability may be exploited before a patch exists
- An IPS that relies primarily on signatures for protection suffers the same problem, since a signature may not be available before the vulnerability is exploited
- Historically, even the fastest vendor response time for patch and signature development has been too slow to prevent significant IT loss
A new approach is necessary, one that provides more proactive protection from these damaging exploits, known as Zero-day exploits. Top Layer has developed unique protection capabilities as a primary line of defense against Zero-day exploits. This paper discusses Top Layer's protection mechanisms for defending against Zero-day exploits. It also covers why signature-based protection, while an important component of an IPS, is not well suited as the primary mechanism for defending against Zero-day exploits.
Introduction
According to the latest CSI/FBI Computer Crime and Security Survey, the average economic loss due to cyber crime was approximately $526,000 per respondent. Losses of this scale are possible because today's IT infrastructures are vulnerable to attack by almost anyone with a computer, an Internet connection, and a modicum of skill. It is increasingly critical to protect against individuals and groups that create and/or use malicious exploits (malware) and release hacked-up worms, Trojans, and the like, such as the Sasser worm. In the past, the damage done has typically been consumption of network bandwidth, loss or theft of some files, and the time IT administrators spend isolating and patching vulnerable systems. Invariably, software and security vendors have released patches to prevent further exploitation of the system and application holes.
More recently, attacks with an economically damaging purpose have been spreading. Critical infrastructure and businesses with significant financial resources are experiencing a high rate of severe attacks. Financial services, healthcare, and power and energy were among the sectors hardest hit by severe events in 2004.
According to the 2004 CSI/FBI Computer Crime and Security Survey, conducted in June 2004, U.S. businesses lost over $140M to cyber threats, counting only the losses reported by survey respondents.
With an increasingly interconnected and mobile workplace, malware can spread to and infect critical assets more frequently. As resources grow and attacks occur more often, it becomes challenging to keep up with patches for vulnerabilities when they are finally released. In addition, a growing class of attacks, termed "Zero-day exploits", targets previously unknown, and therefore unprotected, vulnerabilities. As these exploits grow in complexity and scale, relying on traditional firewall security, virus updates, or software patches is an inadequate solution to the Zero-day problem.
What is a Zero-day Exploit?
A Zero-day exploit is an exploit for a vulnerability that is created before, or on the same day that, the public learns about the vulnerability; the vendor has had zero days in which to produce a fix. IT organizations are constantly fighting the battle of keeping systems patched and updated. As software and hardware vendors learn about new vulnerabilities, whether from third-party researchers, customer feedback, or internal testing, they create software updates, patches, service packs, and security updates to close the security holes.