What is this zero-day stuff?

Posted by Jim Van on June 17, 2011 under data security, security, small business, Uncategorized | Be the First to Comment

With security breaches in the daily news (and some real whoppers lately), the term ‘zero-day attack’ or ‘zero-day vulnurability’ or some other zero-day term keeps popping up. So…just how many of you know what zero-day refers to, and why it’s important to know?

So: here goes the Wikipedia definition, which is about right:
“A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer, also called zero-day vulnerabilities. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

The term derives from the age of the exploit. A “zero day” attack occurs on or before the first or “zeroth” day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.”

All clear now? Do you understand how it can impact you and your business? How about just what to do about it?

Best Practices
Ideally, your systems and network would be monitored by a group of men in white coats with pocket protectors and high foreheads 24 hours a day, constantly on guard against threats of all sorts, and especially zero-day. After all, a zero-day threat/attack/vulnurability is called such because no one really knows about it at the time it occurs. It’d take human intervention to even stand a chance of protecting one’s systems and network from such an attack….

Enter monitored security
Nothing is entirely bulletproof, despite what the security ads tell us. However, monitoredsecurity it possibly the best defensive moves anyone can make when it comes to adding a necessary layer of protection against zero-day exploits.

Monitored security is the hybridization of best-in-class business security software and an online connection to a monitoring network, which is generally a world-wide collection of security centers.