Zero-Day in the Cloud – Say It Ain’t So


This post was originally published here by  Steve Armstrong.

Zero-day vulnerabilities are computer or software security gaps that are unknown to the public – particularly to parties who would like to close said gaps, like the vendors of vulnerable software. 

To many in the infosec community, the term “zero-day” is synonymous with the patching or updating of systems. Take, for example, the world of anti-malwarevendors. There are those whose solutions utilise signatures or hashes to defend against threats. Their products ingest a piece of malware, run it through various systems, perhaps have a human analyse the file, and then write a signature. This is then pushed to their subscribers’ end points in order to update systems and defend them against that particular piece of malware. The goal is to get the update to systems before there is an infection (sadly, updates are not always timely). On the other hand, there are some vendors who reject this traditional, reactive method. Instead, they use artificial intelligence to solve the problem in real time – a prime example of this is Cylance.

When assessing threats, it comes down to what you don’t know. It can be difficult to respond to unknown threats until they strike. As they say, it’s not what you know that kills you. This is also true in the SaaS space. The analogy is simple, new applications appear daily – some good, some bad – and even the good ones can have unknown data leakage paths. Treat them as a threat.

In order to respond to unknown cloud applications, you can do one of two things.

First, the standard practice from CASBs (cloud access security brokers) is to find the new application, work to understand the originating organisation, analyse the application, identify the data leakage paths, gain an understanding of the controls, and then write a signature. This is all done by massive teams of people who have limited capacities to work – very much like the inefficient, signature-based anti-malware vendors. It can take days, weeks, or even months until an application signature is added to a support catalogue. For organisations who want to protect their data, this is simply not good enough.

Option two is to utilise artificial intelligence and respond to new applications in the same manner as advanced anti-malware solutions like Cylance. This route entails analysing the application, identifying the data leakage paths, designing the control, and securing the application automatically in real time. This is the method provided by Bitglass.

At Bitglass, we have built the only machine-learning-based shadow IT discovery tool in the industry. Our zero-day capabilities can respond to new applications on the fly, vastly reducing the window of opportunity for data leakage to occur. This platform can also turn applications into read-only applications so that data does not leak through platforms such as Facebook or LinkedIn.

New, unknown applications should be responded to in the same fashion that an enterprise would respond to any other threat. Rather than waiting days, weeks, or months, they should be addressed immediately.  

To learn more about Bitglass’ zero-day capabilities, download the solution brief below.


No posts to display