In any business environment continuously driven by software, flaws discovered and used by bad actors can be devastating. Problems discovered in firmware, hardware, OSes and software applications must be remedied by the developer and released as a software patch, which fixes the flaw so it is no longer a threat.
Yet, what if the developer never discovered a flaw? Alternatively, what if the developer discovered a flaw but didn't bother to fix it in a timely manner? This is what's known as a zero-day. The term is used because the developer had literally no time -- zero days -- to fix the flaw before the bad guys knew about it. Thus, time is of the essence to get a patch released.
Getting a bit more technical, you'll often hear about two similar-sounding -- yet very different -- zero-day terms. The first term is zero-day vulnerability. This is when software has a flaw known to the developer, but the developer does not yet have a patch ready to be released.
If a patch is not released in time, nefarious actors can create a zero-day exploit -- our second term. A zero-day exploit is a software package coded to take advantage of the known zero-day vulnerability. In most cases, a zero-day exploit is packaged as malware. Zero-day exploits are often highly successful until they become widely known and either the software is patched or other security measures are put in place to successfully identify and block the exploit.
Guarding against zero-days -- whether deemed vulnerability or exploit -- should be high on any CISO's priority list. The exploit takes advantage of exposed software without an available patch. As a result, CISOs must put security teams on notice when a known zero-day vulnerability is announced so they can work to remediate the risk a zero-day exploit could pose to the organization.