The Zero-day Attack. Is there something more I can do?
As I discussed in the first and second parts of this mini-series looking at the zero-day threat, what you have to do is defend against the unknown – something that at first glance would seem impossible.
Zero-day – It is impossible
Actually, when you come down to it, the zero-day threat is impossible to defend against 100% of the time, but as I discussed in part 2, there are some immediate steps everyone can take to limit the problem. What can you do if you want to go further and move nearer to that 100% defence?
Indicators of Compromise
When looking for the unknown, it is useful to know what actions a threat actor needs to carry out to effect an attack (Ching Tok, 2023). Spot them early enough and you can stop the attack. This works even if you do not know exactly what the hacker is attacking – so it works for that zero-day cyber security gap. These clues are called Indicators of Compromise (IoC) and they suggest a system has been breached or infected by a zero-day threat. Some common IoC are:
- Unusual network traffic or connections
- Suspicious files or processes
- Unexpected changes in system configuration or behaviour
- Anomalous user activity or login attempts
- Alerts from security tools or antivirus software
Now all you need to do is watch out for these IoC continuously, night and day, even on Christmas Day and your birthday, across all your endpoints, networks and cloud environments…
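As an added illustration (not code from the original post), the five IoC categories above can be turned into a first-pass triage over endpoint events, using a learned picture of "usual work" as the baseline. The event format, the baseline contents and the sample events are all constructed assumptions:

```python
# Added example: map constructed endpoint events onto the five IoC categories
# listed above, flagging anything that deviates from a per-host baseline.
from collections import Counter

# Constructed baseline: what "usual work" looks like on one host.
BASELINE = {
    "laptop-01": {
        "dest_ports": {443, 53},
        "users": {"alice"},
        "processes": {"outlook.exe", "teams.exe"},
    },
}

# Constructed sample events (hosts, addresses and names are made up).
EVENTS = [
    {"host": "laptop-01", "type": "net", "dest": "10.0.0.5", "port": 443},
    {"host": "laptop-01", "type": "net", "dest": "198.51.100.7", "port": 9001},
    {"host": "laptop-01", "type": "proc", "name": "powershell.exe", "parent": "winword.exe"},
    {"host": "laptop-01", "type": "config", "key": "realtime_protection", "value": "off"},
] + [{"host": "laptop-01", "type": "login", "user": "alice", "ok": False}] * 5 + [
    {"host": "laptop-01", "type": "login", "user": "bob", "ok": True},
    {"host": "laptop-01", "type": "av", "verdict": "test-signature-match"},
]


def triage(events, baseline, failed_login_threshold=5):
    """Return (category, host, detail) findings; one IoC category per event type."""
    findings = []
    failed = Counter()  # (host, user) -> failed login count
    for e in events:
        base = baseline.get(e["host"], {})
        if e["type"] == "net" and e["port"] not in base.get("dest_ports", set()):
            findings.append(("unusual network traffic", e["host"], f"{e['dest']}:{e['port']}"))
        elif e["type"] == "proc" and e["name"] not in base.get("processes", set()):
            findings.append(("suspicious process", e["host"], f"{e['parent']} -> {e['name']}"))
        elif e["type"] == "config":  # any config change outside the baseline is unexpected
            findings.append(("unexpected configuration change", e["host"], f"{e['key']}={e['value']}"))
        elif e["type"] == "login":
            if not e["ok"]:
                failed[(e["host"], e["user"])] += 1
            elif e["user"] not in base.get("users", set()):
                findings.append(("anomalous user activity", e["host"], f"new user {e['user']}"))
        elif e["type"] == "av":  # the security tool has already decided; surface it
            findings.append(("security tool alert", e["host"], e["verdict"]))
    for (host, user), n in failed.items():  # repeated failures only count in aggregate
        if n >= failed_login_threshold:
            findings.append(("anomalous login attempts", host, f"{n} failures for {user}"))
    return findings


if __name__ == "__main__":
    for category, host, detail in triage(EVENTS, BASELINE):
        print(f"[{category}] {host}: {detail}")
```

A real SOC pipeline does the same mapping at scale, with the baseline learned from weeks of telemetry rather than hand-written.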
24/7 Continuous Cyber Security Monitoring and Response
The best way to secure all your information all the time
A Security Operations Centre (SOC) is a tool big business has been using for a long time, providing real-time 24/7 continuous monitoring and incident response to their organisations.
Our SOC gathers a raft of security and operational information from your endpoints, network and cloud systems, including the logs across your Microsoft 365 environment, and applies machine learning to it, so it understands how you usually work.
This is then fed to our Security Operations Centre, where a team of experienced cyber security experts, backed by scanning/detection tools, AI, machine learning and knowledge of the current threat situation, watch for any Indicators of Compromise. Indicators are spotted first by the automated systems and then passed on to the on-duty team, who work with us and your incident response team to respond quickly to cyber security issues. In the case of really serious attacks, the on-duty team can respond and triage the attack before escalating the problem – night or day, all through the year.
Now smaller organisations – right down to the one-person organisation – can afford this type of cyber security.
Are you interested in that level of cyber security?
Our SOC comes online on 1 August 2023. Be one of the first to take special care of your cyber security.
Next
We will look at another cyber security threat that is impossible to defend against 100%.
Clive Catton MSc (Cyber Security) – by-line and other articles
References
Ching Tok, Y. (2023). Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators. InfoSec Handlers Diary. https://isc.sans.edu/diary/29966
Further Reading
Here are parts 1 and 2 of this mini-series on the zero-day threat and what you can do about it.
The Zero-day Threat – What is it?
The Zero-day Threat – What can you do about it?