Is Tomorrow A Zero Day?

By  Ben Halpert — July 02, 2010

By now, you have probably heard about Operation Aurora. It was a cyber attack carried out between mid-2009 and December 2009 against large corporate targets. Among the publicly reported targets were Google, Rackspace, Juniper Networks, Adobe Systems, Symantec, and many others.

In a blog posting on Jan. 12, 2010, Google revealed that it had traced the source of the attack to China and that, as a result, it would no longer cooperate with the Chinese government by providing censored search results. The result? An international incident, replete with allegations and counter-allegations about whether Google's actions amounted to a United States government conspiracy.

What's scarier than the concept of Google leading an alleged U.S. conspiracy against China?

The cyber attack itself, of course.

Here's how it worked: To compromise end-user systems, the attackers exploited a zero-day vulnerability in Microsoft Internet Explorer (CVE-2010-0249, patched by Microsoft in bulletin MS10-002 on Jan. 21, 2010, after the attack had become public). The compromised end-user systems were then used as the launching point for searching company intranets for valuable information. In this context, a zero-day vulnerability is one that is being exploited while no fix from the affected software developer is yet available, so there is nothing to install that would protect the affected systems.

How can you protect your organizational assets from zero-day vulnerabilities?

As a mitigation, your organization can employ techniques for controlling the end-user computing environment, so that an exploit which succeeds against one application gains as little as possible. While this is by no means an exhaustive list of steps to take to control the end-user environment, it can serve as a starting point for discussions.

  1. Make sure you have a good inventory of organizational IT assets, both hardware and software. You cannot patch, image, or white-list what you do not know you have.
  2. Remove local administrative rights from end users, so that code running in their browser or mail client cannot install drivers, services, or other persistent footholds.
  3. Ensure a vulnerability management platform is employed, so that known vulnerabilities are found and patched quickly and the window in which a zero-day is your only problem stays small.
  4. Create standard device images that are approved for use in the organization.
  5. Deploy a white-listing capability based on your standard images.

White-listing allows only approved software to run on specified devices; anything not on the list, including a payload dropped by an exploit, is denied by default. There are several solutions available, from built-in operating system components, such as AppLocker on Windows (included in Windows 7 Enterprise and Ultimate and Windows Server 2008 R2), to various third-party solutions from Bit9, Faronics, and McAfee, among many others. One caveat: white-listing does not stop the exploit itself, which runs inside an approved process such as the browser; it stops the next step, the unapproved executable that the exploit tries to run. A payload that stays in memory and never touches disk is not caught, so white-listing belongs alongside the other controls above, not in place of them.
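The following script is an added example (not code from the original article) of steps 4 and 5 above: it inventories the software on a standard image, turns the inventory into an AppLocker allow-list, deploys it in audit mode, and then shows how to review what would have been blocked before enforcement is switched on. The directory paths, the policy file location, and the test binary are assumptions made for the example.

```powershell
# Added example, not from the original article: build an AppLocker allow-list
# from a standard device image and roll it out in audit mode first.
# Run in an elevated PowerShell on the reference image (the AppLocker module
# ships with Windows 7 Enterprise/Ultimate, Server 2008 R2 and later).
# All paths below are assumptions for the example.

Import-Module AppLocker

# AppLocker only enforces while the Application Identity service is running.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 1. Inventory the code on the image: executables, scripts and MSI packages.
#    (DLL rules are left out here; enforcing them needs a longer audit period.)
$imageDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$files = foreach ($dir in $imageDirs) {
    if (Test-Path $dir) {
        Get-AppLockerFileInformation -Directory $dir -Recurse `
            -FileType Exe, Script, WindowsInstaller
    }
}

# 2. Turn the inventory into rules: publisher rules for signed files (they
#    survive patching), hash rules for unsigned ones (they must be regenerated
#    whenever the file changes). -Optimize merges rules sharing a publisher.
#    The list is only as clean as the image, so build it from a fresh one.
[xml]$policy = New-AppLockerPolicy -FileInformation $files `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in AuditOnly: nothing is blocked, but every file the policy would
#    deny is logged as event ID 8003 in the AppLocker event log.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policyPath = 'C:\Policy\AppLocker-Audit.xml'   # assumed location
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
$policy.Save($policyPath)

# 4. Check the policy against real files before deploying it. Test-AppLockerPolicy
#    reads each file to compute its hash/publisher, so the paths must exist:
#    a system binary should be Allowed, an unapproved binary copied into a
#    user profile (where an exploit would drop it) should be Denied.
$samples = 'C:\Windows\System32\calc.exe',
           'C:\Users\alice\AppData\Local\Temp\unapproved.exe'   # hypothetical
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path $samples |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Apply to the local machine for the pilot. For a domain rollout, import the
#    same XML into a GPO (Set-AppLockerPolicy -Ldap <GPO path>, or the editor).
Set-AppLockerPolicy -XmlPolicy $policyPath

# 6. After the audit period, list what would have been blocked. Add rules for
#    the legitimate software you find, then change AuditOnly to Enabled in the
#    XML and redeploy; everything still unlisted is now denied by default.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Sort-Object Message -Unique
```

The order matters: inventory first, audit second, enforcement last. Going straight to Enabled on a list built from an incomplete image blocks line-of-business software and gets the control switched off again, which is worse than never deploying it. Keep the DLL rule collection in audit for longer than the EXE collection, and remember that the list must be rebuilt whenever the standard image changes.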

Zero-day vulnerabilities will be a reality for as long as we use software as a productivity tool in the workplace (so add zero-days to death and taxes). If you are not controlling the end-user work environment, then you are leaving your organizational assets open to compromise from the unknown cyber attacks of tomorrow.
