It’s become a cliché to say that, in general, cybersecurity is broken. The sad thing is, it's not a false statement. The world is dealing with literally millions of viruses. Those that pose the greatest threat are the zero-day threats—involving never-before-seen malware. Just look at the 2020 Ponemon Institute Report on breaches, where that organization’s research has shown that as much as 80% of successful breaches are due to zero-day exploits.
So why is it that zero-day attacks are so effective? It all comes down to how traditional cybersecurity defenses work. Take a look at the diagram below, adapted from the Lockheed Martin military strategy of the kill chain cyber crime.
To the left side of the diagram we have the preventive security measures. The primary downfalls for these approaches come from human fallibility, unknown unknowns, and maintenance overhead (which leads to the security measures becoming out of date).
To the right we see a realm in which numerous solutions have been created to help organizations detect negative behavior. One challenge is that those solutions are not typically designed to prevent damage—just limit it.
The greatest challenge posed by zero-day exploits is that virtually every approach depends on historical analysis, identifying “normal” network, or software behavior, to form a benchmark against which current, and future, behavior is gauged.
The ideal defensive solution would not depend on data from the past. It would be able to intercept and evaluate URL access requests at every endpoint on the fly. Suspicious payloads would be isolated and analyses performed to see how they behave before allowing them through. That type of tool would sit at the far left of the kill chain—like the spam or malware shields—and yet it would not allow zero-day exploits through its net.
Conventional wisdom holds that such solutions are impossible to create, and yet we are seeing the power of the cloud being harnessed to make these types of products available. As we see these technologies evolve, they will be crucial components of security programs, though they will be unlikely to become the sole protection upon which organizations can rely. The best approach will be to incorporate these solutions into a mature security program—guided by an experienced Chief Information Security Officer (CISO).
With CISOs hard to find these days, companies like Webcheck Security are godsends, as they provide virtual CISOs (vCISOs)—sometimes known as fractional CISOs—that act as internal leaders for organizations and provide the necessary security program leadership. Contact Webcheck to set up a discussion of your organization’s needs.