Zeroday Tracker
eEye has a new site, aptly called Zero-Day Tracker, that tracks publicly known zero-day vulnerabilities and the exploits circulating for them.
This is without a doubt a valuable service, but I doubt the vast majority of enterprise networks honestly have the resources and infrastructure in place to address zero-day mitigation.
Here are a few things needed to mitigate zero-day exploits:
- User policies that are well known, well trained and well enforced (I list this first for a reason)
- A user training program that teaches users how to safely surf, safely check email, etc.
- Behavior-based network and host intrusion prevention (NIPS and HIPS); signature-based detection has nothing to match until someone has analyzed the exploit
- Ability to block specific ActiveX controls enterprise-wide, centrally and quickly, so a vulnerable control can be disabled the day the advisory appears
- Aggressive, near-draconian firewall rules, default-deny in both directions (that’s egress and ingress, my friends; a compromised host that cannot reach its payload server or command channel is a much smaller problem)
- Patch management (yes, it’s “zero-day” and there is no patch for it yet. There will be, though, and you need to be able to deploy it rapidly if the risk to your environment dictates a rapid response)
- A documented, tested incident response plan
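As an added example of the ActiveX item above (this is not code from the original post or from eEye), the standard way to disable a single control across Windows machines is to set its "kill bit": a `Compatibility Flags` DWORD of 0x400 under the `ActiveX Compatibility` key for the control's CLSID, which tells Internet Explorer never to instantiate that control regardless of security zone. The script below sets that bit for one CLSID and verifies it; the CLSID passed in the usage line is a constructed placeholder, not a real control, and in practice you take the CLSID from the vendor advisory or from the control's registration under `HKCR\CLSID`. Deploy the same registry values enterprise-wide with a Group Policy registry item or a startup script.

```powershell
# Added example: set the ActiveX kill bit for one control so that Internet Explorer
# refuses to load it. Run elevated. The CLSID in the usage line at the bottom is a
# constructed placeholder; substitute the vulnerable control's real CLSID.

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )

    $KillBit = 0x400   # IE "kill bit": never instantiate this control

    # On 64-bit Windows the 32-bit browser reads the redirected Wow6432Node hive,
    # so both locations must carry the flag; on 32-bit Windows only the first exists.
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }

    $results = @()
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }

        # Preserve any compatibility flags already present and OR in the kill bit,
        # rather than overwriting a value another administrator may have set.
        $existing = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $existing) { $existing = 0 }
        $new = [int]$existing -bor $KillBit

        New-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $new `
            -PropertyType DWord -Force | Out-Null

        # Read it back: the deployment is only done if the bit is actually set.
        $check = (Get-ItemProperty -Path $path -Name 'Compatibility Flags').'Compatibility Flags'
        $results += [pscustomobject]@{
            Path    = $path
            Flags   = ('0x{0:X8}' -f $check)
            KillBit = (($check -band $KillBit) -ne 0)
        }
    }
    return $results
}

# Usage (placeholder CLSID, constructed for this example):
Set-ActiveXKillBit -Clsid '{00000000-1111-2222-3333-444444444444}' | Format-Table -AutoSize
```

The kill bit does not uninstall or patch the control; it only stops the browser (and any other host that honors the flag) from creating it, which is exactly the stopgap you want between the advisory and the vendor fix. Microsoft later ships kill bits for broken controls in its cumulative updates, so this ties directly back to the patch management item: the manual entry buys time, the patch process finishes the job.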
And that is just the beginning. Have you had your network audited by a third party, or are you taking your own word for it that you are secure? Do you know the contact information for the security group of your ISP? Is your entire enterprise network documented, and is that documentation maintained?
If you answered ‘no’ to any of the above, go back and fix those issues. Stop blogging now and get started. I am.
