Amritam Putatunda
Technical Product Manager

Cyber Security Attacks - Are You Covering all Bases?

July 21, 2016 by Amritam Putatunda

Let’s Discuss the Elephant in the Room – Zero Days

Quite often during customer meetings or presentations, I am asked whether we have pre-packaged test cases that can generate a zero-day vulnerability. Providing the correct answer can be tricky, because a direct response casts doubt on the legitimacy of the question itself. The truth is that no test tool can ship a pre-packaged zero day, and if someone claims they do, you should ask them what their second lie is. Before explaining further, let’s start with the definition of a zero day. As per Wikipedia, “A zero-day vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.” This implies that even if we find something that is still undisclosed, as we have in the past when we first found such issues, we have a legal obligation to go through proper disclosure. This allows the affected entities to take appropriate steps before we publish any details. Therefore, no legally operating company can include a packaged zero day in its test tool.


Timeline of a zero day

However, this doesn’t stop BreakingPoint users from discovering a “new” zero day using Application Simulator, Stack Scrambler, or Routing Robot. Since these components create trillions of unique test cases, a few of them will end up breaking the device, application, or system under test by hitting a path in the code that was never exercised before. BreakingPoint’s seed options also allow you to repeat the exact same test case, and if the failure is consistent, you have most probably just discovered a zero day.

Now, to summarize the answer to the question of whether we support pre-packaged zero days: “No, it’s not technically or legally possible to pre-package zero days. However, using the features, functionality, and flexibility of a test tool, coupled with performance and scale, it’s not too difficult for a power user to create their own zero day.”
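The seed-driven reproduction described above, as an added example in Python that is not BreakingPoint’s own code: a generator derives every test case from a (seed, index) pair, so a failing case can be re-sent on demand, and a triage loop replays one case several times to tell a consistent failure from an intermittent one. The HTTP template, the three mutation operators and the `target` callback are assumptions made for illustration only.

```python
# Added example (not BreakingPoint code): a seeded test-case generator and a
# replay-based triage loop, in the spirit of the "seed option" described above.
import random
from typing import Callable

# Constructed base message that the generator mutates; any protocol template works.
TEMPLATE = b"GET /index.html HTTP/1.1\r\nHost: device-under-test\r\n\r\n"


def generate_case(seed: int, index: int, template: bytes = TEMPLATE) -> bytes:
    """Derive test case number `index` of run `seed` deterministically.

    The same (seed, index) pair always yields the same bytes, so a failing
    case can be replayed without storing the whole generated corpus."""
    rng = random.Random(f"{seed}:{index}")          # one PRNG stream per case
    data = bytearray(template)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "insert", "truncate"))
        pos = rng.randrange(len(data))               # data is never empty here
        if op == "flip":
            data[pos] ^= rng.randint(1, 255)         # corrupt one byte
        elif op == "insert":
            data.insert(pos, rng.randint(0, 255))    # grow the message
        else:
            del data[pos + 1:]                       # cut it short, keep >= 1 byte
    return bytes(data)


def triage(target: Callable[[bytes], None], seed: int, index: int,
           repeats: int = 5) -> str:
    """Replay one generated case `repeats` times and classify the outcome.

    `target` is the hypothetical harness callback that sends the case to the
    system under test and raises on a fault (crash, timeout, malformed reply).
    Returns "pass", "consistent" (fails on every replay, the candidate worth
    a proper disclosure) or "intermittent" (needs more investigation)."""
    case = generate_case(seed, index)
    failures = 0
    for _ in range(repeats):
        try:
            target(case)
        except Exception:
            failures += 1
    if failures == 0:
        return "pass"
    return "consistent" if failures == repeats else "intermittent"
```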

That said, zero days, and any tool’s efficacy in handling them, are a valid topic. Security vendors have run a huge marketing campaign around zero days in recent times, and it’s natural to be curious about them. However, it is dangerous to assume that implementing protection against unknown attacks will automatically provide greater security resilience, as there are several facets of cyber-security, none of which can be ignored.


Infections both in devices or human bodies have similar timelines

Holistic Security Resiliency Comes from Blocking More Attacks

  • Stopping Zero Days Is “One” of the Goals in Security: If you, as a network IT administrator, can block a zero day or prevent an advanced targeted attack, give yourself a pat on the back, as this is truly commendable. However, it doesn’t necessarily mean that your network is fully secured, as there are several routes a cyber-criminal may take to gain access. You are unlikely to be the first victim of an attack, just as you are unlikely to be “patient zero” of a new virus strain. However, if proper precautions aren’t taken, it is as likely for an aggressive virus strain to attack your body as it is for a hacker to exploit a well-known vulnerability on your network.
  • Being Vigilant Is the Key: Patch it before they attack. As mentioned earlier, it’s unlikely that your network will be the victim of a zero day. However, we need to be extra vigilant about all the newer attacks and threats we come across, whether from security websites or from vendor feeds. Following handles on Twitter, LinkedIn, and similar channels helps you get news as it breaks and react to it on its merits. Having an overall picture of the Internet threat landscape also helps streamline security strategy. For example, news of a critical vulnerability affecting the Adobe Flash client that has not yet been patched by any vendor may be addressed temporarily by blocking all Flash file exchange through the network, then allowing it back once the vulnerability has been patched or the perimeter can detect it.
  • No Attack Is Too Old to Ignore: Time and again we have seen the resurgence of older vulnerabilities, malware, or attack methodologies, exactly as the health industry has seen strains of cured or curable diseases making a comeback. A security perimeter should prove its efficiency not only against the newest attacks but also against older exploits, vulnerabilities, and malware. In several instances in the past we have found device vendors failing to stop older malware that is still active and very much relevant.
  • If You Can’t Block, Make Sure You Detect: There are millions of malicious programs and thousands of vulnerabilities. It’s impossible to block everything and still do business in this Internet age. But every admin should ensure that all access to the network is logged and tracked properly, so that when an anomaly is detected it can be traced to its root. This is where forensic tools, security analytics, and other such out-of-band security tools come into play.

BreakingPoint’s Holistic Testing

BreakingPoint, through its Application and Threat Intelligence (ATI) platform, provides updated attacks and applications on a biweekly basis.

Ensure you block the old and the new, and at least detect the unknowns

BreakingPoint’s security strikes and search engine provide the means to test your security effectiveness against severe exploits and malware from the past ten or more years. The newer attacks ensure protection against newly patched vulnerabilities and newly discovered malware.


BreakingPoint Strike Template listing attacks that are new, and also grouped by year

BreakingPoint can help in building your very own set of scenarios that result in unique, never-before-executed test cases, as explained in this blog, letting you understand your network’s defense capabilities against such “unknown” malicious behaviors. Similar tests can also help gauge the efficiency of forensic tools in logging and tracking such threats. Such an all-round approach ensures good coverage as far as defense against security attacks is concerned. Now, covering all bases doesn’t necessarily mean that an attacker can’t hit a home run once in a while, but it definitely provides the cyber-security resiliency that every organization aspires to.

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.