What is a zero-day attack?

A zero-day attack is an attack that exploits a software vulnerability that is either unknown to the vendor or for which a patch has yet to be developed. Attackers exploit these unknown or unpatched vulnerabilities by writing exploit code to compromise systems. Once a vulnerability is patched, attackers quickly move on to a new one. Because this cycle is so fast, zero-day attacks are difficult to defend against. The term "zero-day" is used because the affected software developers have had zero days to release a patch that keeps users protected.

How can companies protect themselves?

  1. Prevention: Companies should keep software up to date, match firewall policies to business needs, keep antivirus definitions current, block harmful email attachments, and educate users, to name a few measures.
  2. Real-time protection: When possible, use intrusion prevention systems (IPS), threat analysis systems, and other security appliances.
  3. Planned incident response: Companies should have a documented incident response plan and practice it regularly.