Zero-Day Attacks and Zero-Trust: Clearing Up “Zero” Confusion

FrogViews are Leapfrog’s top takeaways from the most informative articles on IT trends.

A zero-day attack can cripple a company. A “zero trust” strategy protects a company.

But can a zero trust strategy prevent a zero-day attack that exploits a zero-day vulnerability? No, but it can help contain it. Let’s clarify any confusion caused by all these “zeros.”

Zero…what?

The article Stop Zero-Day Attacks With Zero Trust, and similar arguments, can confuse readers because they misrepresent what a zero-day vulnerability is and misstate what zero trust is designed to do.

  • A zero-day vulnerability isn’t something your security team can prevent. It’s an exploitable flaw in software that attackers discover, or begin exploiting, before the developer has a fix. The term “zero-day” refers to how many days the developer has had to fix the flaw: zero. (Once a patch is released, the flaw becomes a “known” vulnerability rather than a zero-day, although any system that hasn’t applied the patch is still just as exposed.)
  • A zero-day exploit is the code or technique bad actors use to take advantage of the vulnerability and gain unauthorized access to a system.
  • A zero-day attack is when cybercriminals use a zero-day exploit against a system running the vulnerable software, usually to install malware.

Zero trust is a security framework for controlling access to data and systems at a granular, least-privilege level. It assumes that no user or device should be trusted automatically, whether inside or outside the network perimeter. It isn’t designed to stop zero-day attacks: it limits what an attacker can reach after a system is compromised, not whether the exploit itself succeeds.

How can zero trust help with zero-day attacks? 

Zero trust “least privilege” access controls create barriers that can keep a zero-day attack, or any other kind of attack, from spreading beyond the first compromised system and doing more damage.

This is because Zero Trust Network Access, or ZTNA, grants access conditionally and per resource. The conditions can include a user ID, password, MFA, and possibly a token, but ZTNA goes further: it also verifies several other scenario-based conditions at the same time, for example a trusted location, a known device, the time of day, a device identity, and/or evidence from the computer’s Trusted Platform Module (TPM) that the device hasn’t been tampered with. If any one condition fails, access is denied, even when the password and MFA are correct.

The zero trust guiding principle is “never trust, always verify.” 
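The following is an added example, not code from the original post or from Leapfrog, showing what “never trust, always verify” looks like as a default-deny policy check. Every request is tested against all of the conditions named above at once (user group, MFA, enrolled device, a fresh TPM-backed health attestation, source network, time of day), scoped per resource. The directory, device list, policy rules, signal names and timestamps are all constructed assumptions for illustration; a real ZTNA product gets these signals from the identity provider and device-management agent.

```python
"""Toy zero trust access-policy engine (added example, not Leapfrog's code).

Every request is evaluated against a default-deny, per-resource policy that
checks several signals simultaneously. Names, groups, devices and the policy
below are assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool
    device_id: str
    attestation_ok: bool          # TPM-backed boot measurements matched the known-good baseline
    attestation_time: datetime    # when that attestation was produced
    source_network: str           # e.g. "office-hq", "corp-vpn", "unknown"
    when: datetime
    resource: str
    action: str


@dataclass(frozen=True)
class Rule:
    resource: str
    allowed_actions: frozenset
    allowed_groups: frozenset
    trusted_networks: frozenset
    max_attestation_age: timedelta = timedelta(hours=1)
    business_hours: tuple = (7, 19)   # UTC hours, start inclusive, end exclusive


# Constructed sample directory, device enrollment and policy (assumed).
GROUPS = {"alice": frozenset({"finance"}), "bob": frozenset({"hr"})}
KNOWN_DEVICES = {"laptop-a1": "alice", "laptop-b7": "bob"}   # device id -> enrolled owner
POLICY = {
    "finance-db": Rule("finance-db", frozenset({"read"}), frozenset({"finance"}),
                       frozenset({"office-hq", "corp-vpn"})),
    "hr-db": Rule("hr-db", frozenset({"read", "write"}), frozenset({"hr"}),
                  frozenset({"office-hq"})),
}


def evaluate(req, policy=POLICY, groups=GROUPS, devices=KNOWN_DEVICES):
    """Return (allowed, reasons). Default deny: every condition must hold.

    All failing conditions are reported, which is what an access log needs.
    """
    rule = policy.get(req.resource)
    if rule is None:
        return False, ["no policy for resource"]
    fresh = req.when - req.attestation_time <= rule.max_attestation_age
    checks = [
        (req.action in rule.allowed_actions, "action not permitted on resource"),
        (bool(groups.get(req.user, frozenset()) & rule.allowed_groups),
         "user not in an allowed group"),
        (req.mfa_verified, "MFA not completed"),
        (devices.get(req.device_id) == req.user, "device unknown or not enrolled to user"),
        (req.attestation_ok and fresh, "device attestation failed or stale"),
        (req.source_network in rule.trusted_networks, "untrusted source network"),
        (rule.business_hours[0] <= req.when.hour < rule.business_hours[1],
         "outside allowed hours"),
    ]
    reasons = [why for ok, why in checks if not ok]
    return (not reasons), reasons


NOW = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc)   # constructed timestamp


def baseline_request(**overrides):
    """Alice, on her enrolled laptop, freshly attested, in the office, reading finance-db."""
    base = dict(user="alice", mfa_verified=True, device_id="laptop-a1", attestation_ok=True,
                attestation_time=NOW - timedelta(minutes=10), source_network="office-hq",
                when=NOW, resource="finance-db", action="read")
    base.update(overrides)
    return Request(**base)


def scenario_healthy():
    return evaluate(baseline_request())


def scenario_compromised_device():
    # A zero-day implant changed the boot measurements: credentials and MFA are still valid.
    return evaluate(baseline_request(attestation_ok=False))


def scenario_stolen_credentials():
    # Valid password + MFA replayed from an unknown machine on an unknown network.
    return evaluate(baseline_request(device_id="laptop-x9", source_network="unknown"))


def scenario_lateral_move():
    # Same valid session tries to reach a resource outside the user's least-privilege scope.
    return evaluate(baseline_request(resource="hr-db", action="write"))


if __name__ == "__main__":
    for name, fn in [("healthy", scenario_healthy), ("compromised device", scenario_compromised_device),
                     ("stolen credentials", scenario_stolen_credentials), ("lateral move", scenario_lateral_move)]:
        allowed, reasons = fn()
        print(f"{name:20s} -> {'ALLOW' if allowed else 'DENY'} {reasons}")
```

The point of the compromised-device scenario is the containment the post describes: the exploit already succeeded on the laptop, nothing in the policy stopped it, but the failed attestation blocks the attacker from reaching finance-db with the victim’s otherwise valid credentials. Only the healthy request, where all conditions hold, is allowed.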

What’s the best way to be ready for a zero-day attack?

Many of the same best practices you use to safeguard against any cyber loss may help protect you from some zero-day attack damage:

  • Keep everything up to date and backed up
  • Use network segmentation and advanced threat detection
  • Prioritize patching

But for next-level protection, you need a risk management strategy that’s based on protecting what’s most important first.

In Zero-Day Attacks: Why You’re Vulnerable and What You Can Do About It, we look at a recent report about who’s doing most of the attacking and why and offer some detailed advice. And if your company is not using a zero trust approach yet, check back soon for a post on why you should use ZTNA even if you haven’t completed your cloud migration. 

At Leapfrog, our security team focuses on protecting our clients’ businesses from every kind of cyber loss. Our approach goes beyond traditional IT-focused strategies by developing and managing cybersecurity processes and ensuring the processes are followed.