One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 898700 |
| Date de publication | 2018-11-15 17:12:00 (vue: 2018-11-15 20:00:58) |
| Titre | Defending Against Zero-Day Attacks with AlienVault USM Anywhere |
| Texte | Introduction Recently, an AlienVault customer reached out to ask how AlienVault handles the detection of zero-day attacks, which are exploits against previously unknown vulnerabilities. In this blog, I shed light on how we approach this. Modern security products rely on some definition of threats, whether that definition is as specific as a signature that identifies a unique strain of malware or as general as a behavior pattern that threat actors employ broadly across different strains of malware. The challenge of security is keeping those definitions up to date as attacks emerge and evolve in the wild every single day. Most organizations outside of the Fortune 500 do not have the resources to tackle this challenge on their own. There are a few approaches to this challenge of staying ahead of the always-shifting threat landscape and new zero-day attacks. One is to discover vulnerabilities before threat actors discover them and figure out how to exploit them. Another is to identify the active exploit in the wild early and to quickly update your defenses immediately to detect and respond to it. AlienVault uses both of these approaches to keep our customer environments secure in the face of zero-day attacks. Let’s take a deeper look at how. Early Access to New Vulnerability Information One way to stay ahead of emerging threats is to know about the vulnerability before threat actors have an opportunity to exploit it. As soon as a new software vulnerability or security flaw becomes public knowledge, threat actors go to work, taking advantage of the time it takes for security vendors to update their tools and for security teams to then identify and patch their vulnerabilities. That’s why it’s a security best practice for software researchers to inform security vendors of new threats and vulnerabilities before they announce them to the general public. For example, AlienVault participates in Microsoft’s Microsoft Active Protections Program (MAPP). Through this program, AlienVault Labs receives early access to new vulnerability information for Microsoft and Adobe products before Microsoft publishes it in its monthly security update. This allows us to update the defenses in USM Anywhere ahead of a public announcement, giving our customers a headstart in identifying and remediating the vulnerabilities in their environments. Discovering Zero-Day Attacks as they Emerge in the Wild Of course, the “good guys” are not always the first to discover new vulnerabilities. All too often, threat actors find and exploit vulnerabilities before vendors have the opportunity to discover and release patches for them. Thus, zero-day vulnerabilities are often discovered after they’ve been exploited in a successful zero-day attack. That’s why it’s important to have a constant watchful eye on the global threat landscape as well as the ability to operationalize new threat information as soon as it becomes available. The Power of the Global Threat Intelligence Community AlienVault has a couple of strategies here. First, AlienVault USM Anywhere is unique in its ability to detect zero-day attacks thanks to its direct integration with the Open Threat Exchange (OTX), the world’s largest open threat intelligence sharing community. The global OTX community of over 100,000 security researchers and practitioners contribute 19 million pieces of threat data daily, and they often alert the community within the initial minutes or hours of discovering an attack in the wild. This threat data is available to any OTX user to consume in their security tools. For AlienVault USM Anywhere users, OTX threat data is integrated and ready to use in the platform. Users can subscribe to any OTX Pulse to enable security alerting |
| Envoyé | Oui |
| Condensat | /19/580452886/alienvault > against alienvault anywhere attacks blogs com/ day defending feedblitz https://feeds usm zero |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.