Zero-day exploits, which take advantage of a security vulnerability on the same day that the vulnerability becomes generally known, have long been a thorn in security practitioners’ sides.

These attacks happen quickly, before the vendor or security community as a whole has had a chance to fix it.

“Zero-day exploits are a cybercrook’s dream,” says Lutz Blaeser, MD of Intact Software Distribution. “These hackers take advantage of the fact that no one is aware of them, and haven’t yet issued a patch.”

Blaeser says zero-day exploits are often uncovered by hackers themselves, who discover a vulnerability in a particular product or protocol, be it Adobe, Java, Microsoft or similar.

“Once a zero-day has been found, cybercriminals share them on underground Web sites, dark markets and via IRC, ensuring that the maximum havoc is wreaked.”

Because of this, zero-day exploits are a major headache for organisations and vendors alike.

“Moreover, traditional security measures such as antivirus, firewalls and intrusion prevention, while great at protecting against known threats and malware, cannot hope to protect against a zero-day attack.”

He says by their very nature, specific information about zero-day exploits is available only once the exploit is identified. “However, there are ways to prevent falling victim to these dangerous threats. While no organisation can hope to protect itself 100% from zero-day exploits, there are several steps that can help protect against them.”

Firstly, he says ensuring that security measures are in place, and most importantly, updated regularly, is vital. “This should include having firewall policies in place that are in line with the company’s needs, and cover all the applications. In addition, updating the anti-malware software, blacklisting known vulnerabilities, patching regularly and blocking any potentially harmful attachments is important.”

Secondly, Blaeser says realtime protection is a must. “Intrusion prevention systems (IPS) should be deployed, and should offer thorough protection, including network-level protection, forensics, application integrity and application protocol Request for Comment (RFC) content validation.”

In addition, although we all know the old maxim of prevention is better than cure, it is impossible to prevent every single incident, so having an incident response plan in place is vital. “This will include having defined roles laid out, and procedures in place that cover the prioritisation of the most crucial activities, aimed at mitigating against any possible damage to the business.”

Zero-day exploits are a concern for even the most secure companies, who have invested fortunes in security controls.

“While there is no silver bullet, taking the above steps will go a long way towards lowering the risks to the businesses’ most valuable data,” Blaeser concludes.