
Navigating vulnerability management and zero-day detection

19.Aug.2019
Outpost24
Network security
We understand that vulnerability detection is time critical and can impact how vulnerabilities are managed. To improve zero-day detection, organizations can use a vulnerability management solution that draws on specialist intelligence and tools to shorten the time from detecting a critical vulnerability to fixing it.

From major vulnerabilities like BlueKeep to others discovered in gSOAP and Oracle Webcenter Sites by our Ghost Labs, we know from experience that vulnerability detection is a ticking clock and time is critical to ensuring a vulnerability isn’t exploitable. No patches or antivirus signatures exist yet for zero-day exploits, which makes them difficult to prevent, but there are several ways to accelerate detection of new vulnerabilities to reduce your exposure time and minimize the chance of attack.
 



 

Your guide to improving zero-day vulnerability detection

Vulnerability assessment scanning can help to detect some zero-day exploits: newly reported vulnerabilities are translated, as soon as they are disclosed, into detection scripts that scanners then use. But there’s a better way to accelerate this process. At Outpost24 we take a proactive approach through continuous social listening. We constantly monitor social media feeds of known security researchers and correlate that with our own research (pen testing by Ghost Labs). Once we get the right signal-to-noise ratio and enough clues, we begin developing the collection and identification script before the vulnerability is reported. This way we can get the detection scripts ready in advance and release them as soon as the vulnerability goes public, which in turn benefits our customers by shrinking their time to detect critical vulnerabilities.
 



 

Another problem often faced by companies is the availability of scan windows due to system dependencies (and potential business disruption). Such dependencies can sometimes take days or weeks, leaving their IT systems exposed longer than they should be. But the concern is not unfounded. Most of the commercial scanners available today are built around the same old Nessus open-source framework, where each detection script is self-contained, so the same information is collected multiple times, creating additional traffic that could overload critical IT systems. That’s why at Outpost24 we developed our own scanning technology, which collects information as a grouped activity to minimize system impact. We collect the necessary information only once to determine if a vulnerability exists and store a ‘blueprint’ that we can run detection on until your next scan window. The key advantage of using the ‘blueprint’ is the ability to quickly check for new vulnerabilities without the need to re-probe your entire infrastructure. The result is less operational downtime and an expedited patching process, as we minimize traffic load and remove dependencies on suitable scan windows.
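
The ‘blueprint’ idea described above, sketched as an added example (not Outpost24's code or data format): facts collected in one scan are stored, and a rule published later is matched against them without sending traffic to the hosts. The blueprint layout, rule fields, product names, addresses and the 30-day staleness threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed blueprint: facts collected once during the last scan window.
BLUEPRINT = {
    "collected": datetime(2019, 8, 1),
    "hosts": {
        "10.0.0.5": [{"port": 3389, "product": "exampled", "version": "2.4.1"}],
        "10.0.0.9": [{"port": 8080, "product": "exampled", "version": "2.6.0"},
                     {"port": 22, "product": "othersvc", "version": "7.9"}],
        "10.0.0.12": [{"port": 8080, "product": "exampled", "version": "unknown"}],
    },
}

# Constructed rule, published after the scan: versions below fixed_in are affected.
NEW_RULE = {"id": "EXAMPLE-RULE-0001", "product": "exampled", "fixed_in": "2.5.0"}

def parse_version(text):
    """Return a tuple of ints, or None when the scan recorded no usable version."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def evaluate(blueprint, rule, now, max_age=timedelta(days=30)):
    """Match one rule against stored facts; sends no traffic to the hosts."""
    # An old blueprint may no longer describe the host, so flag its findings.
    stale = now - blueprint["collected"] > max_age
    fixed = parse_version(rule["fixed_in"])
    findings = []
    for host, services in sorted(blueprint["hosts"].items()):
        for svc in services:
            if svc["product"] != rule["product"]:
                continue
            version = parse_version(svc["version"])
            if version is None:
                status = "unconfirmed"   # stored facts insufficient: probe this host only
            elif version < fixed:
                status = "vulnerable"
            else:
                continue                 # already at or above the fixed version
            findings.append({"rule": rule["id"], "host": host, "port": svc["port"],
                             "status": status, "stale_blueprint": stale})
    return findings

if __name__ == "__main__":
    for finding in evaluate(BLUEPRINT, NEW_RULE, now=datetime(2019, 8, 19)):
        print(finding)
```

Findings marked `unconfirmed` or `stale_blueprint` are the cases where stored facts are not enough and a targeted re-probe of that one host is still needed.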
 

This multi-pronged approach allows us to accelerate the identification and hence time to remediation through less invasive probing - great for performing regular security hygiene checks that proactively seek out attack points on your software and technology assets continuously. We have seen days and weeks of time saved from helping our customers do just that.
