Home » cyber security » Zero-Day Vulnerabilities: What You Need to Know

Zero-Day Vulnerabilities: What You Need to Know

If “zero-day exploit” hadn’t previously been a part of your vocabulary, 2016 is the year to make the term stick. Cisco’s annual report on the state of cyber security indicated a surge in the sophisticated hacks that fall under the zero-day heading. And that was before a number of recent events drew widespread concern from the cybersecurity field and the federal government.

In mid-August, the National Security Agency (NSA) announced that hackers had breached their networks and obtained classified data, including a number of zero-day exploits that the agency had been collecting for surveillance of several consumer software products. The NSA drew criticism from the cyber security community for stockpiling these cyber weapons, and it is currently investigating the impact of the breach. Analysts did their own research to find out whether hackers are putting the stolen exploits to use. (They are.)

At the end of the month, Apple made a statement regarding zero-day exploits, announcing that it would be releasing a security patch for iOS. The platform had been the target of multiple zero-day exploits, which an Israeli arms dealer was using to monitor several individuals, including a well-known human rights activist.

Zero-day exploits – sophisticated attack methods previous previously unknown to security researchers – present a particular challenge for cyber security programs. A vulnerability scan or standard monitoring program will not catch them, and they can make their way into systems silently, sometimes spending months there without being detected.

To secure against zero-days, the key is proactive intelligence and testing efforts that go beyond known databases to find potential risks before hackers do. Regular penetration testing and network analysis, then, are important aspects of an effective defense strategy.

Of course, not all organizations have the resources to take on these kinds of proactive testing measures. This is where third-party experts can step in. Through our managed security services program, Lunarline’s Hunt Team actively tests client networks, scouring for unregistered vulnerabilities that could lead to zero-day exploits. We also boast a full-scale penetration testing team that leverages years of experience and Lunarline’s innovative Sniper pen testing platform to find your risks before black hats do.

For more information on these programs, as well as other cyber security products and services, contact one of our experts or visit us online at Lunarline.com.

About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales" Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.