Page 131 - Cyber Defense eMagazine RSAC Special Edition 2025

Solving the challenges behind zero-day attacks

Because these attacks exploit vulnerabilities that are not yet publicly known, zero-day exploits are often missed by signature-based threat detection platforms, which rely on lists of recognized attack attributes. Once a zero-day attack enters the environment, IT has historically had few tools available to stop or defend against it. The best an enterprise can hope for is some early warning that something is wrong, followed by the fastest possible response.

Innovative platforms are turning the tables, empowering businesses to stop zero-day attacks with more advanced technology. For example, some solutions feature lightweight agents that can be installed on customer endpoints, so that when a user downloads a file, or a file in transit could reach that endpoint, the file is quickly scanned for malicious content. If the agent spots anything malicious within the file, it is blocked before it can execute. The scanning happens so fast that an unsuspecting or inattentive end user does not even have a chance to click on or interact with the file. This switch to preemptive action is a meaningful step forward in blocking zero-day attacks before they can unleash their payloads.



Plugging the holes in patch releases

With traditional tools, providers push routine security patches to update the list of known threats, allowing the software to spot and, hopefully, stop them. However, despite the comprehensive nature of many vendors' lists, gaps remain that can reduce the effectiveness of a company's defensive efforts. One problem is that zero-day exploits can take a long time to identify, and even after a vulnerability is known, there may still be a gap of days or weeks before it is covered by a patch.

Patch release schedules often present their own challenges. Frequent patch releases may stress a cybersecurity vendor's quality assurance process, allowing errors to infiltrate customers' networks. Those mistakes can disrupt operations and potentially spread from the originating software to other systems in the environment. The more frequently an enterprise receives patches, the greater the chance that something will go wrong. If a small defect snowballs into a large outage, IT has a new and urgent problem to fix.



Zero-day attacks and the AI difference

Solutions with deep-learning capabilities can address many of the drawbacks of traditional tools. For example, they can bridge the holes that may appear between patches. Rather than relying on frequently updated lists of attack vectors and attributes, which can become outdated almost as soon as they are released, platforms with advanced AI capabilities leverage alternative methods to stay ahead of zero-day attacks.

Working much like the human brain, these tools incorporate a neural network that can detect previously unknown attack patterns faster. In the case of zero-day attacks, this means the platform can make connections that did not exist before, identifying novel cyberattacks or malicious software. Innovative