The Great Patch Race

August 5, 2015   //   Security

Managing patches for vulnerabilities is quickly becoming a full-time job for companies. Attackers are willing to pay for working exploits of new vulnerabilities, and a thriving exploit broker scene has emerged to supply them. This has fueled the explosion of zero-day exploits, and of the patches that vendors such as Microsoft and Adobe release in response. The result is a full-on race to patch your systems before attackers exploit the vulnerabilities. The window between a vulnerability becoming public and its active exploitation keeps getting shorter, to the point where there is often not enough time to test a patch, notify users and finally push the fix to all of your systems.

Zero-day Protection

So what are we left to do if we can't patch fast enough? This is where true zero-day, or signatureless, protection comes in. Traditional antivirus (A/V) uses signatures that are created once a sample of a piece of malware has been found and analyzed. If there is no signature for the malicious software, your A/V will allow the application to execute. This poses an obvious problem when the A/V vendor cannot obtain a sample and write a corresponding signature fast enough. Zero-day protection does not rely on such signatures; instead it looks at how the code behaves (for example, an Office document spawning a script interpreter, or a process injecting into another) and decides whether it should be allowed to run. This model does not depend on acquiring a sample, having a signature or even knowing about the vulnerability being exploited. Rather, it is protection by default. The caveat is that behavioral detection is still a heuristic: it can be tuned around by a determined attacker and it can produce false positives on unusual but legitimate software, so treat it as a way to buy time for patching rather than a substitute for it.

SWC’s Malware Protection Plan

SWC has developed a zero-day protection plan to mitigate vulnerabilities and give companies time to test patches and deploy them at their own pace. Companies will never win the patch race against attackers; it's simply too daunting to patch your entire environment every time a third-party or critical Microsoft patch is released.

Our approach consists of network border protection with sandboxing appliances such as FireEye, Palo Alto or Fortinet, which detonate suspicious downloads and attachments before they reach the user. The latter two can also serve as functional next-generation firewalls with Active Directory integration, giving you user-level visibility into network traffic. To keep with the defense in depth (DiD) principle, endpoint signatureless zero-day protection such as Malwarebytes Endpoint Enterprise (Anti-Malware and Anti-Exploit), as well as application whitelisting (e.g. Bit9), is also recommended. Each layer covers a gap in the others: whitelisting stops unknown binaries that no behavioral rule would flag, while behavioral protection catches abuse of trusted, whitelisted programs. Together, these products wrap signatureless zero-day protection around your endpoints and servers, which buys you the time you need to test and deploy patches in a consistent and safe fashion without racing the attackers.
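To make the difference between the three models concrete (signature A/V from the Zero-day Protection section above, and the behavioral and whitelisting layers just described), here is a toy comparison added for this post. It is not SWC's code or any vendor's detection logic; the process events, hashes, publisher names and rules are all constructed for illustration.

```python
"""Toy comparison of three endpoint protection models: signature-based A/V
(deny-list of known hashes), behavioral "signatureless" detection, and
application whitelisting (allow-list, default deny). Everything here is
constructed for illustration; no real malware samples or vendor rules."""

import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcessEvent:
    """A constructed process-start record of the kind an endpoint agent sees."""
    name: str                      # label for the scenario
    image: str                     # executable being launched
    parent: str                    # process that launched it
    cmdline: str
    sha256: str                    # hash of the executable on disk
    signer: Optional[str] = None   # code-signing publisher, if signed


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Model 1: signature A/V. Blocks only hashes the vendor has already seen.
KNOWN_BAD_HASHES = {sha256_of(b"constructed: last week's dropper")}


def signature_verdict(ev: ProcessEvent) -> str:
    return "block" if ev.sha256 in KNOWN_BAD_HASHES else "allow"


# Model 2: behavioral detection. Judges what the process does, not what it is.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def behavior_verdict(ev: ProcessEvent) -> Tuple[str, List[str]]:
    reasons = []
    parent, child, cmd = basename(ev.parent), basename(ev.image), ev.cmdline.lower()
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        reasons.append("office-app-spawned-script-host")
    if child == "powershell.exe" and ("-enc " in cmd or "-encodedcommand" in cmd):
        reasons.append("encoded-powershell")
    if "downloadstring" in cmd or "invoke-webrequest" in cmd:
        reasons.append("download-cradle")
    return ("block" if reasons else "allow"), reasons


# Model 3: application whitelisting. Anything not explicitly approved is denied.
ALLOWED_HASHES = {sha256_of(b"constructed: approved line-of-business app")}
TRUSTED_SIGNERS = {"Microsoft Windows", "Example Corp IT"}   # assumed publisher names


def whitelist_verdict(ev: ProcessEvent) -> str:
    if ev.sha256 in ALLOWED_HASHES or ev.signer in TRUSTED_SIGNERS:
        return "allow"
    return "block"   # default deny: unknown code never runs


# Constructed scenarios: a sample the A/V vendor has seen, a repacked one it
# has not, and a Word macro launching the real (signed) PowerShell binary.
SAMPLE_EVENTS = [
    ProcessEvent("known_dropper", r"C:\Users\bob\AppData\Local\Temp\inv.exe",
                 r"C:\Windows\explorer.exe", "inv.exe",
                 sha256_of(b"constructed: last week's dropper")),
    ProcessEvent("new_dropper", r"C:\Users\bob\AppData\Local\Temp\inv2.exe",
                 r"C:\Windows\explorer.exe", "inv2.exe",
                 sha256_of(b"constructed: repacked dropper, no signature yet")),
    ProcessEvent("macro_to_powershell",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AA==",
                 sha256_of(b"constructed: the genuine signed powershell.exe"),
                 signer="Microsoft Windows"),
]


def evaluate(events: List[ProcessEvent]) -> Dict[str, Dict[str, str]]:
    """Run every model over every event; returns {event_name: {model: verdict}}."""
    results = {}
    for ev in events:
        behav, _reasons = behavior_verdict(ev)
        results[ev.name] = {
            "signature": signature_verdict(ev),
            "behavior": behav,
            "whitelist": whitelist_verdict(ev),
        }
    return results


if __name__ == "__main__":
    for name, verdicts in evaluate(SAMPLE_EVENTS).items():
        print(f"{name:22s}" + "  ".join(f"{m}={v}" for m, v in verdicts.items()))
```

The output makes the defense-in-depth argument for you: the repacked dropper sails past both the signature engine and the behavioral rules (it does nothing odd at launch) and is stopped only by default-deny whitelisting, while the macro that abuses the genuine, Microsoft-signed PowerShell is waved through by whitelisting and caught only by the behavioral layer. Neither layer alone closes the gap.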

Train Your Users to Identify Possible Attacks

When attackers do launch their attacks, they commonly start with a phishing email that tries to trick a user into clicking a malicious link or opening an exploit-rigged file. It's very important to train users to identify and report phishing emails. Assess how likely your users are to click on malicious emails, then tailor a security awareness program to the risks you find. SWC has a robust phishing assessment program that can pinpoint users who are susceptible to phishing attacks and then train them to spot a phish before it's too late.

Reduce Your Risk of Zero-Day Vulnerabilities with SWC’s Security Expertise

SWC has been deploying zero-day protection and anti-phishing solutions in a variety of scenarios and verticals. We can help your organization reduce the risk of zero-day vulnerabilities and phishing attacks. We invite you to contact SWC (630.572.0240) about how we can help secure your systems with advanced protection capabilities.