A zero day threat exploits an unknown computer security vulnerability. Attackers can exploit zero-day vulnerabilities through different channels. Some common channels include email attachments, drive-by software downloads, and web browsers including advertising.
Typically a zero day attack takes advantage of a bug that developers nor end-users are aware of. By discovering the bug before the developer a hacker can take advantage and plant a malware or virus through the vulnerable channel. The vulnerability period for a zero-day threat can range from a few minutes to a few years.
For example Microsoft Internet Explorer shipped to end-users for over seven years with a vulnerability that can allow remote code execution. The bug present in Adobe Flash had the capability of allowing malicious advertisers or website developers to push sketchy downloads into end-users machines. The risk here can range all the way from simple adware up to malware and stolen data.
Most traditional security models including endpoint security, antivirus and firewall generally cannot stop zero-day threats as the threat is unknown until it is exploited. Developers cannot stop the unknown. So how does one protect their company network from unknown threats?
Penetration testing is designed to replicate the actions of a hacker by actively attempting to hack a system. The intended goal is to hire a good-guy hacker to breach the network before a bad-guy gets in.
There are three main areas of penetration testing
After the three areas are complete your Netfast consultant will provide a detailed report that will outline threats found and resolution suggestions. They will then work with our engineering services team and our best-in-class partners to implement remediation if needed.