Encyclopedia - Encyclopedia Part 2 -
What is Zero Day?
The new Zero Day Initiative in SecPoint Protectors has become the key component in your network defense system. SecPoint offers Zero Day Protection in the Unified Threat Management Protector appliance, preventing new and unknown attacks.
What is a Zero Day attack?
Zero Day vulnerabilities are unknown or new attacks for vulnerabilities wherein no patch has yet been released. It is a well-known term in the black hat (malicious hacker) community. Trading for Zero Day vulnerabilities is also a popular hacker activity.
When you have Zero Day Protection you are protected against unknown and new vulnerabilities. This also helps you close the window of waiting time for patches and fixes. In contrast, signature-only products tend to rely on the vulnerability database more.
Several special techniques are applied in order to protect your system from Zero Day attacks:
- Connections in the black hat community.
- Pattern matching removes high-risk and dangerous files by inspecting the entire packet.
- Stops suspicious behavior from systems probing a target system.
- Stops traffic that does not match protocol standards.
Zero Day Protection is Part of the UTM features of the Protector
The real-time bidirectional architecture of the Protector combines key security capabilities that are able to defend against all sorts of attacks and protect against variants even before they become known. Some of these capabilities include:
- Protocol anomaly detection blocks malicious traffic that does not conform to established protocol standards.
- Pattern matching flags and removal of high-risk files, such as .exe and scripting files, viruses, spyware, and trojans from the system by fully inspecting the entire packet.
- Behavior analysis identifies and stops traffic from hosts exhibiting suspicious behaviors, including DoS and DDoS attacks, port scans, and address scans.
The Attack Window
From the time a new vulnerability is identified and until a patch is created, there is a period when your systems are at risk. It is therefore important to implement different techniques to protect against Zero Day exploits during this critical moment.
Even a few minutes without Zero Day protection can become a huge security risk. Sometimes it can take the vendor hours, days, or even weeks to create a patch. In some cases, the patch will not work correctly and the system would still be subject to attack.