CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)

Preventing Advanced Cyber Attacks

Crackers need to find a vulnerability in the protocol implementation in order to devise an attack against a target system [2]. By removing potential zero-day vulnerabilities proactively, you can make it significantly harder for crackers to devise attacks. Thus, the best way to prevent zero-day attacks is to get rid of exploitable vulnerabilities proactively [1]. Fuzzing enables you to find previously unknown, zero-day vulnerabilities by triggering them with unexpected inputs [1]. By incorporating fuzzing best practices into your organization's development and procurement processes, you can improve the security and robustness of your networks.
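As an added illustration of the fuzzing approach described above (example code written for this page, not Codenomicon's own tooling): a constructed toy TLV protocol parser in a naive and a hardened form, and a small mutation-based fuzzer that derives unexpected inputs from one valid seed message and records every input on which the parser fails in an uncontrolled way. The wire format, the seed message and all function names are assumptions made for this example.

```python
import random
import struct

# Constructed toy wire format: records of type(1) | length(2, big-endian) | value.
SEED = bytes([0x01, 0x00, 0x03]) + b"abc" + bytes([0x02, 0x00, 0x01]) + b"x"

class ProtocolError(ValueError):
    """Controlled rejection of malformed input: the behaviour we want to see."""

def parse_tlv_naive(data: bytes) -> list:
    records, pos = [], 0
    while pos < len(data):
        rtype, length = struct.unpack_from(">BH", data, pos)  # struct.error if < 3 bytes left
        records.append((rtype, data[pos + 3:pos + 3 + length]))  # length field is trusted
        pos += 3 + length
    return records

def parse_tlv_robust(data: bytes) -> list:
    # Hardened: header and length are validated before they are used.
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 3:
            raise ProtocolError("truncated header at offset %d" % pos)
        rtype, length = struct.unpack_from(">BH", data, pos)
        if length > len(data) - pos - 3:
            raise ProtocolError("length %d overruns message" % length)
        records.append((rtype, data[pos + 3:pos + 3 + length]))
        pos += 3 + length
    return records

def mutate(msg: bytes, rng: random.Random) -> bytes:
    # One random mutation of a valid message: a bit flip or a truncation.
    buf = bytearray(msg)
    if rng.random() < 0.7:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    else:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)

def fuzz(parser, seed: bytes = SEED, iterations: int = 2000, rng_seed: int = 1) -> list:
    rng, crashes = random.Random(rng_seed), []
    for case in (mutate(seed, rng) for _ in range(iterations)):
        try:
            parser(case)
        except ProtocolError:
            continue  # graceful rejection is acceptable
        except Exception:  # anything else is a robustness defect worth reporting
            crashes.append(case)
    return crashes
```

Running `fuzz(parse_tlv_naive)` returns the truncated messages that escape as an uncaught `struct.error`, while `fuzz(parse_tlv_robust)` returns an empty list because every malformed input is rejected with `ProtocolError`.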
Detecting Advanced Cyber Attacks

Not all attacks can be prevented, so organizations must also be able to defend against attacks. Organizations commonly rely on signature-based security defenses, such as IPS/IDS solutions, vulnerability scanners and firewalls [3]. These are fairly efficient in defending against known attacks. However, they can only detect pieces of malware for which an identifier, known as a signature, already exists and has been deployed [4]. Advanced attacks exploiting zero-day vulnerabilities can completely bypass these defenses [3]. Automating abuse information collection and processing is key to getting actionable information on incidents in your network. Good abuse situation awareness is key to establishing systematic and efficient processes for responding to cyber incidents.
Vulnerability Exposure

Vulnerabilities are flaws in software, or in software components in hardware, which enable crackers to exploit a system. Vulnerabilities are not created when a system is being attacked. They are design and implementation errors that are introduced into the code during development [4]. The errors become vulnerabilities once the software is released and exposed to outside attacks [5]. Security researchers, security companies and hackers discover some of the vulnerabilities, and if they choose to report the findings, they can enable software developers to create patches for the found vulnerabilities [5]. After the patch release, the vulnerability becomes public knowledge [5].
No exposure, no publicity

Figure 1 categorizes vulnerabilities based on exposure. The exposure of a vulnerability depends firstly on whether the vulnerability can be accessed by outside attackers, and secondly on how public the vulnerability is. During development, new vulnerabilities have zero exposure to attacks: nobody knows that they exist and they cannot be exploited by outsiders [5]. After release the vulnerabilities have limited exposure: they are open to attacks, but the attackers first have to find them [5]. After a patch is released, the exposure is full (public): the attackers have both the possibility to attack and the information they need [5]. Public exposure can be avoided by deploying patches in a timely manner. In this paper, we focus on techniques used to discover zero-day vulnerabilities with zero exposure prior to release or implementation, and to detect attacks exploiting zero-day vulnerabilities with limited exposure.
[Figure 1: Vulnerability exposure. Based on [5]. Three stages along the timeline: Zero Exposure (before Release/Implementation, inside access only), Limited Exposure (after Release/Implementation, in- and outside access), Public Exposure (after Patch Release).]