Anatomy of an Attack – Zero Day
You have taken great care to secure your network, but even with responsible and sustained investment in your defenses you're still at risk. Attackers can bypass your security through an uncharted software vulnerability, a loophole revealed only by the persistent probing of a determined hacker. This is how a network is breached. This is how valuable data is stolen. This is zero day.
What is zero day?
Zero day is a software vulnerability that is previously unknown and unpatched, and can therefore be exploited by a threat actor to gain entry to a target network. A hacker finds a zero-day through hours, weeks or months of painstaking effort. He scours through lines of code, probing applications and operating systems to find some weakness, some flaw. He methodically barrages the target application with an array of reverse engineering tools and techniques, forcing the software to reveal a small crack in the defenses that provides a way to secretly execute code. With this vulnerability in hand, the hacker has a choice: help the software vendor by providing them information about the vulnerability, or sell it to a broker, a black market vendor of zero-day exploits. The broker compiles an inventory of zero days to build his reputation on the dark net with one goal: selling his exploits at the highest price. The broker lists zero days on secret forums, acting as a matchmaker between exploit and attacker. The attacker needs an exploit that augments their existing tools and techniques, and uses reconnaissance data to select the zero-day exploit that is most likely to compromise their target. Because zero-day exploits are previously unknown, they provide an element of surprise. The attacker incorporates the zero-day exploit into their customized attack, and once the perfect storm of program, process and payload is concocted, the attack is launched.
Protection Against Zero Day
In a network protected by FireEye, NX series appliances can detect the intrusion, block the attacker and alert system administrators of the attempted breach. NX series appliances enable the responders to freeze and rewind time, isolating the packet captures from the earliest moments of the attack. Sharing these captures with the Dynamic Threat Intelligence cloud enables FireEye to analyze the attack. The zero-day discovery team reverse-engineers the incident to break down the intricacies of the exploit. Using threat intelligence gathered by FireEye devices, and drawing upon years of in-depth knowledge and specialized techniques, it finds the key exploit mechanisms and determines whether this particular combination of tactics is a zero day. If a zero-day is discovered, FireEye notifies the vendor of the vulnerable software and works with them to create a patch. Meanwhile, comprehensive data about the exploit is uploaded to the Dynamic Threat Intelligence cloud, which immediately notifies every FireEye appliance and protects FireEye's customers. Within 24 hours the patch is deployed, the public is notified, and customers are protected from a campaign that took threat actors countless hours to craft. When faced with advanced threats such as zero-day exploits, you need advanced threat protection. FireEye.