Zero day attacks can devastate a network. These are the attacks
that target application vulnerabilities that are unknown to the
application's creators and for which no patch yet exists. By
exploiting these vulnerabilities, attackers can enter your
network to execute code. In the worst case, an attacker can
exploit these flaws to gain complete control of a victim's
computer. To be protected from malicious zero day threats, you
must have proactive zero day defenses already in place when the
attack is launched. You get this critical level of protection
with the Firebox® X family of Unified Threat Management security
appliances.
What "Zero Day" is All About:
There's a lot of buzz in the security industry about "Zero
Day" attack protection, but vendors differ substantially in the
protection they really provide.
- Zero Day threats are new or unknown attacks for which no
patch or signature has yet been written
- Zero Day protection, therefore, means having defenses in
place before the vulnerability is discovered and the exploit is
created and launched, so that the network stays protected
throughout the window of vulnerability: from the moment a new
exploit is released until a patch or signature is developed and
deployed
True Zero Day Protection is Built into the Firebox® X:
The Intelligent Layered Security architecture of the Firebox
X combines key security capabilities able to defend against
whole classes of attacks. Some of these capabilities include:
- Protocol anomaly detection: blocks malicious traffic that
does not conform to established protocol standards
- Pattern matching: flags and removes high-risk content, such
as .exe and scripting files, viruses, spyware, and trojans, by
fully inspecting the entire packet rather than only its header
- Behavior analysis: identifies and stops traffic from hosts
exhibiting suspicious behaviors, including DoS and DDoS
attacks, port scans, and address scans
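The behavior analysis item above flags a host by what its traffic pattern looks like, not by matching any single packet against a signature. The following is an added example (not WatchGuard code and not part of the original page) of that idea: a sliding-window fan-out detector that labels a source as a port scanner or an address scanner. The flow records, IP addresses, window length and thresholds are all constructed for the demonstration.

```python
"""Behavior-based scan detection over constructed flow records.

Added example, not WatchGuard code. A host is flagged because its traffic
pattern (many ports on one target, or one port across many targets) is
abnormal, which is what a signature-free "behavior analysis" layer does.
Flow records, addresses, window and thresholds are all made up.
"""
from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds (constructed timestamps)
    src: str
    dst: str
    dport: int


# Constructed sample traffic:
#   10.0.0.9  hits 20 different ports on one host within 2 s    -> port scan
#   10.0.0.23 hits port 445 on 24 different hosts within 2.4 s  -> address scan
#   10.0.0.5  is an ordinary client talking to two services     -> benign
SAMPLE_FLOWS = (
    [Flow(100.0 + i * 0.1, "10.0.0.9", "192.0.2.10", p)
     for i, p in enumerate(range(20, 40))]
    + [Flow(200.0 + i * 0.1, "10.0.0.23", f"192.0.2.{h}", 445)
       for i, h in enumerate(range(1, 25))]
    + [Flow(300.0, "10.0.0.5", "192.0.2.10", 443),
       Flow(300.5, "10.0.0.5", "192.0.2.11", 25),
       Flow(301.0, "10.0.0.5", "192.0.2.10", 443)]
)


def detect_scanners(flows, window=60.0, port_threshold=15, host_threshold=15):
    """Return {src_ip: reason} for sources whose fan-out inside any trailing
    `window`-second span reaches a threshold.

    port scan:    >= port_threshold distinct destination ports on one host
    address scan: >= host_threshold distinct hosts on one destination port
    """
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)

    verdicts = {}
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f.ts)
        times = [f.ts for f in fs]
        for i, f in enumerate(fs):
            # Window is (f.ts - window, f.ts]; bisect locates its start.
            # The per-window recount below is the part a production engine
            # would keep incrementally instead of rebuilding each time.
            start = bisect_right(times, f.ts - window)
            ports_per_dst = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for g in fs[start:i + 1]:
                ports_per_dst[g.dst].add(g.dport)
                hosts_per_port[g.dport].add(g.dst)
            if any(len(p) >= port_threshold for p in ports_per_dst.values()):
                verdicts[src] = "port scan"
                break
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                verdicts[src] = "address scan"
                break
    return verdicts


if __name__ == "__main__":
    for src, reason in sorted(detect_scanners(SAMPLE_FLOWS).items()):
        print(f"block {src}: {reason}")
```

Two caveats a practitioner would check before trusting such a rule: a scan paced slower than the window (here one probe per minute or less) never crosses the threshold, so the window and thresholds trade detection against false positives; and a NAT gateway or busy proxy legitimately fans out to many hosts, so those sources need an allow list or a higher threshold.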

Twenty-two of the thirty most significant viruses and their
variants released from 2003 to 2006 were blocked by default on
the Firebox, protecting our customers before a signature could
ever have been made available.* Here's the list:
- Kama Sutra
- Zotob
- Sober.K
- Zafi.D
- Sober.J
- Bagle.AD
- Lovgate.AD
- Zafi.B
- Sasser
- NetSky.B
- Bagle.B
- Bagle (Beagle)
- Mimail.I
- Swen
- Blaster
- Bugbear.b
- Sobig.c
- Fizzer
- Lovegate
- Slammer
- Sobig
- Lirva

*Based on most commonly used method of propagation (SMTP)
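The footnote above makes the page's concrete claim: mass-mailing worms were stopped by default because the gateway strips executable and script attachments as a class, so no signature for the particular sample was needed. The following added example (not WatchGuard code and not part of the original page) models that against a signature-only check, illustrating both the pattern matching capability listed earlier and the SMTP footnote. The messages, payload bytes, hash database and extension list are all constructed for the demonstration.

```python
"""Class-based attachment blocking versus signature matching on SMTP traffic.

Added example, not WatchGuard code. A gateway that strips executable and
script attachments by default stops a worm whose hash nobody has seen yet;
a signature database stops only samples it already knows. Messages,
payloads, the hash set and the extension list are constructed here.
"""
import hashlib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Class rule: file types stripped regardless of content (constructed list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                      ".vbs", ".js", ".wsf"}

# Signature database: SHA-256 of payloads already analysed. Filled in below.
KNOWN_MALWARE_SHA256 = set()


def build_message(sender, subject, filename, payload,
                  ctype="application/octet-stream"):
    """Construct a raw RFC 5322 message with one attachment (test input)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "victim@example.test"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    maintype, subtype = ctype.split("/", 1)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype,
                       filename=filename)
    return msg.as_bytes()


def attachments(raw):
    """Yield (filename, decoded_bytes) for every attachment in a raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    for part in msg.iter_attachments():
        yield part.get_filename() or "", part.get_payload(decode=True) or b""


def is_blocked_class(filename):
    """True if the name's final extension is in the blocked set.

    The last extension decides how Windows opens the file, and worms pad
    names like 'invoice.txt      .exe' to push it out of view, so whitespace
    around the final extension is ignored instead of defeating the rule.
    """
    name = filename.strip().lower()
    _, dot, ext = name.rpartition(".")
    return dot == "." and "." + ext.strip() in BLOCKED_EXTENSIONS


def signature_hit(payload):
    return hashlib.sha256(payload).hexdigest() in KNOWN_MALWARE_SHA256


def inspect_message(raw, class_rule=True, signatures=True):
    """Return 'blocked' or 'allowed' for a raw message under the chosen layers."""
    for name, payload in attachments(raw):
        if class_rule and is_blocked_class(name):
            return "blocked"
        if signatures and signature_hit(payload):
            return "blocked"
    return "allowed"


def compare_policies(samples):
    """{sample: (layered verdict, signature-only verdict)} for each message."""
    return {k: (inspect_message(raw), inspect_message(raw, class_rule=False))
            for k, raw in samples.items()}


# Constructed payloads: a "known" worm and a variant whose hash nobody has.
KNOWN_WORM = b"MZ constructed worm body, already analysed"
NEW_VARIANT = b"MZ constructed variant, never seen before"
KNOWN_MALWARE_SHA256.add(hashlib.sha256(KNOWN_WORM).hexdigest())

SAMPLES = {
    "known_worm": build_message("a@example.test", "Hi", "photo.exe", KNOWN_WORM),
    "new_variant": build_message("b@example.test", "Re: invoice",
                                 "invoice.txt .exe", NEW_VARIANT),
    "clean_pdf": build_message("c@example.test", "Report", "report.pdf",
                               b"%PDF-1.4 constructed document",
                               "application/pdf"),
}

if __name__ == "__main__":
    for name, (layered, sig_only) in compare_policies(SAMPLES).items():
        print(f"{name:12} layered={layered:8} signature-only={sig_only}")
```

The `new_variant` row is the window of vulnerability in miniature: the signature-only check lets it through until its hash is added, while the class rule blocks it on day zero. The same comparison also shows the cost of the class rule (every legitimate `.exe` attachment is blocked too) and its limits: payloads inside archives or encrypted containers need unpacking before the extension check means anything, which this example does not do, and non-executable vectors still depend on the signature layer.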
What Signatures Bring to a Security Solution:
Some vendors make zero day claims but in reality their
security solutions rely solely on signature-based scanning.
Signature-based security technologies fingerprint each new
attack after it emerges, so protection comes when this
fingerprint, or signature, is added to the system. This is not
zero day protection. By their nature, signatures are reactive;
they cannot protect against new, previously unknown attacks
until an update is available.
Signature-based scanning provides a granular layer of
protection against spyware, viruses, worms, trojans, and blended
threats by identifying known malicious code within
benign-looking traffic and files. But this technique is only one
piece of a complete solution. You need zero day protection
combined with robust signature-based scanning to have
comprehensive Unified Threat Management.
The Window of Vulnerability:
Signature-based solutions block what has already been
identified. Your network is still exposed from the time a new
exploit has been launched until a signature or patch is
developed and then deployed.
Considering the speed and destructiveness of today's attacks,
even a few minutes without protection can be devastating. The
reality is, it can sometimes be hours, days, even weeks before a
signature or patch is developed and deployed, making this window
of vulnerability every IT manager's nightmare.