How Do I Protect Against Novel Threats and Zero-Day Exploits?
Most cybersecurity tech and protection efforts focus on reactive signature-based prevention. That is because protecting against known threats is both important and relatively doable if your SOC is staffed with good people and your security stack works smoothly.
But what about novel threats and zero-day exploits? In the old, reactive model, there were a few things you could do to mitigate risk, but with no signatures to refer to, there is also a lot of crossing of fingers and hoping. In this post, we’ll take a quick look at some of the steps you can take to minimize risk, including using SecLytics' unique, patented Augur productive intel.
5 Ways to Reduce Your Risk From Novel Threats and Zero-Day Exploits
1 - Update. Update. Update!
It’s obvious. But because there are so many systems running and so many patches and updates to apply, teams often fall behind. But even novel threats and zero-days often rely on accessing un-updated systems, so make updating and patching a top priority.
2 - Protect Against Anomalous Behavior with EDR/NDR/XDR
Many Endpoint Detection, Network Detection, and XDR systems include behavioral elements that look for unusual or suspicious activity on your device or network, such as a printer using a different port to connect to an external IP and sending large amounts of data or a workstation unexpectedly communicating with multiple servers across your network. Because behavioral profiling isn’t limited to detecting known IOC signatures, it can be very helpful in raising the alarm if you’ve been compromised by a novel threat or zero-day exploit. You can read more about EDR/NDR/XDR and zero-day protection here.
3 - Adopt a Network Segmentation Approach
Although this is more of a mitigation strategy than a prevention strategy, segmenting access control to your network services and components can reduce the impact of any exploit by limiting the cybercriminal’s ability to make lateral moves across your network and devices.
4 - Stick to the Rule of Least Privilege
This, like staying current on updates, is another basic that we shouldn't need to include on this list. The principle of least privilege is best practice. It is one of the first principles of good data governance. But, according to Forrester, 80% of data breaches stemmed from misuse of privileged account access. The ”least access” principle means that you only give users, devices, and applications the most basic permissions they need to operate. By restricting permissions, you limit the actions that can occur and prevent abuse or, in the case of novel threats and zero-day exploits, radically reduce the surface of attack.
5 - Include Predictive Intelligence in Your Threat Intel Coverage
Last but not least, adding Augur’s predictive threat intelligence to your threat intel coverage provides proactive protection, not just mitigation, unlike the first four steps.
Our classifiers scan the internet daily, looking at new IPs, domains, BGP announcements, and DNS resolutions using machine learning and behavioral profiling to identify new criminal infrastructure. Augur looks for very distinctive patterns of activity that are common to the build-up of threat infrastructure. Augur is also able to identify the digital fingerprints (TTPs) of cyber-criminal groups and attribute threat infrastructure to specific groups.
The predictions Augur makes are over 97% accurate. More importantly, they produce an extremely low rate of false positives (0.01%). That means you can trust Augur predictions enough to take action on them and even automate enforcement based on them. We can’t predict every threat. But each year, Augur predicts more than 400K IPs to be malicious.
There are three major benefits to predicting the source of attacks rather than identifying the type of attack:
- If you predict where attacks will originate, you don’t need to know what form the attack will take. You simply block any communication in or out with the attack infrastructure before attacks can take place, thereby nullifying a significant advantage of novel attacks.
- If you know who the infrastructure belongs to, you can block all traffic from infrastructure belonging to the groups who target you, not just IPs involved in the current exploit. This adds an extra, extended layer of proactive protection.
- Blocking threats based on predictions takes time pressure off your SOC team, reduces overall alert volume, and improves your security posture and resilience.
Let Augur Enhance Your Security
Augur predictive threat data is now available as a standalone feed or as part of the Augur PDR. Whether you are just looking to add unique and valuable data to your threat intel program or for a platform that can orchestrate and automate enforcement, reduce noise in your SOC and provide in-depth context and enrichment for your threat hunters, we have a solution that is right for you.
Your Early Warning System
Augur is your best early warning system and your insurance policy against novel threats. Recently, Augur predicted major elements of the MOVEit, Solar Winds, Log4JShell, Colonial Pipeline and ProxyNotShell hacks months ahead of first reports.
Our smart behavioral prediction models identify and group threat actors based on patterns of activity. The platform can then predict the source of novel attacks up to 50 days out. At the time of prediction, these predictions are often +-90% unique compared to other leading threat data sources.
You can learn more about how Augur predicts the future here and how it solves real-world security problems here. If you want to talk to someone about how Augur’s predictive intelligence can improve your overall security posture, email us at email@example.com.