
How can zero-day attack prevention be improved?

Cognitive technology can aid IT teams in zero-day attack prevention and vulnerability detection -- if you know the right way to deploy it.

Zero-day exploits present enterprises with a very difficult challenge: How can a vulnerability be repaired and an attack averted when there is no realization that such a flaw actually exists and, thus, there's no patch for it? By definition, a zero-day vulnerability is a flaw that the software or appliance vendor is unaware of and, therefore, has no patch to correct.

With a highly organized and very sophisticated cybercriminal underground in action, the rise of zero-day -- sometimes referred to as zero-hour -- attacks is driving the security community as a whole to come up with ways to find and fix vulnerabilities more rapidly.

The good news is that security vendors are making solid progress, both in their own technology and in cooperating across the industry to share threat intelligence, which accelerates attack recognition and mitigation. The result is improved zero-day attack prevention.


Machine learning enters the picture


Machine learning is one area where vendors are making major strides toward improving zero-day attack prevention. The cognitive technology watches traffic patterns across a network and learns what is normal. From that baseline, it tracks activity across a customer network, looking for anomalous traffic patterns that indicate a potential threat.
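The baseline-then-deviation idea described above, shown as an added example that is not from the article or from any vendor product. It assumes a simple per-host feature set (bytes sent and distinct destination ports per observation window) and scores each new window by how many standard deviations it sits from the host's learned baseline; the flow records are constructed for illustration.

```python
"""Baseline anomaly detection over per-host network flow summaries.

Added example (not from the article or any vendor product). Flow
records are constructed tuples: (window_id, src_host, dst_port, bytes_out).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training data: ten quiet windows of ordinary traffic
# from two hosts (web on 443/80, DNS on 53).
TRAINING_FLOWS = []
for w in range(10):
    TRAINING_FLOWS += [
        (w, "10.0.0.5", 443, 4000 + 100 * (w % 3)),
        (w, "10.0.0.5", 53, 200),
        (w, "10.0.0.7", 443, 3500 + 50 * (w % 4)),
        (w, "10.0.0.7", 80, 1200),
    ]

# Constructed observation window: 10.0.0.5 suddenly sends a large volume
# to many distinct ports, while 10.0.0.7 behaves as before.
OBSERVED_FLOWS = (
    [(10, "10.0.0.5", 443, 4100), (10, "10.0.0.5", 53, 200)]
    + [(10, "10.0.0.5", p, 60000) for p in range(8000, 8012)]
    + [(10, "10.0.0.7", 443, 3550), (10, "10.0.0.7", 80, 1200)]
)


def window_features(flows):
    """Aggregate flows into per-(window, host) features:
    (total bytes out, number of distinct destination ports)."""
    bytes_out = defaultdict(int)
    ports = defaultdict(set)
    for window, host, port, nbytes in flows:
        bytes_out[(window, host)] += nbytes
        ports[(window, host)].add(port)
    return {k: (bytes_out[k], len(ports[k])) for k in bytes_out}


def build_baseline(training_flows):
    """Learn 'normal' per host: (mean, population std-dev) of each feature
    across the training windows."""
    per_host = defaultdict(list)
    for (_window, host), feats in window_features(training_flows).items():
        per_host[host].append(feats)
    baseline = {}
    for host, rows in per_host.items():
        columns = list(zip(*rows))
        baseline[host] = [(mean(col), pstdev(col)) for col in columns]
    return baseline


def score_window(observed_flows, baseline, threshold=3.0, min_std=1.0):
    """Return {host: worst z-score} for hosts deviating beyond threshold.

    min_std floors the standard deviation so a feature that never varied
    during training does not divide by zero or alert on any tiny change.
    A host with no baseline at all is reported with an infinite score."""
    alerts = {}
    for (_window, host), feats in window_features(observed_flows).items():
        if host not in baseline:
            alerts[host] = float("inf")
            continue
        z_scores = [
            abs(value - mu) / max(sigma, min_std)
            for value, (mu, sigma) in zip(feats, baseline[host])
        ]
        worst = max(z_scores)
        if worst > threshold:
            alerts[host] = round(worst, 2)
    return alerts


if __name__ == "__main__":
    learned = build_baseline(TRAINING_FLOWS)
    for host, stats in learned.items():
        print(host, "baseline (bytes, ports):", stats)
    print("alerts:", score_window(OBSERVED_FLOWS, learned))
```

The point of the floor on the standard deviation is the usual production caveat: a feature that is constant in training (here, the number of ports) would otherwise turn every one-port change into an alert, and a host never seen in training has no baseline to compare against, so it is surfaced explicitly rather than silently skipped.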

Security researchers are also using machine learning to monitor activity on the darknet, where hackers share information, and the deep web, where cybercriminals can buy malware and exploit kits. This is helping the security community as a whole uncover potential exploits in time to make an effort to patch the vulnerabilities.

Putting together the big picture

Managed security service providers and security vendors also rely on their own networks of sensors to monitor activity worldwide, which can provide important data used for zero-day attack prevention. Security research teams are making some progress on sharing intelligence to expedite vulnerability and threat identification.

In the end, as important as advances in areas like machine learning are to thwarting attacks, the most sophisticated technology is useless if the right practices aren't in place. This means enterprises must not only properly patch vulnerabilities, but also ensure new appliances are configured correctly.

What is clear is that even as security vendors accelerate their pace of innovation, cybercriminals seem to be moving even faster. Staying alert and focused is critical.


This was last published in September 2017
