
Best Practices Against Zero-Day Attacks

  1. Use Windows Defender Exploit Guard
    As of Windows 10, Microsoft introduced Windows Defender. Defender has several
    capabilities that can effectively protect against zero-day attacks:

     - Use Attack Surface Reduction rules to protect against malware.

     - Use network protection – put guardrails on any outbound connection so that
    malware cannot reach external command-and-control servers over your network or
    the internet. Use a firewall / intrusion prevention system to control network
    traffic coming from external sources.

     - Use role-based access control – use access control to limit access to the files
    and folders used by your organization's personnel and contractors. You can also
    apply the principle of least privilege so that access is granted only to users on a
    need-to-know basis. This form of control also reduces your attack surface for
    ransomware.
  2. Use Next-Generation Antivirus
    Traditional antivirus solutions rely on older, signature-based technology and may
    not detect newly created threats such as zero-day attacks or behaviour-based
    malware. We are not saying that you should abandon current antivirus
    technologies; in fact, signature-based antivirus should still be used to detect any
    form of malware that next-generation antivirus may not have the ability to detect.
    Your organization should use next-generation antivirus together with traditional
    antivirus to close the gaps for all incoming threats, signature-based as well as
    behaviour-based malware, on all your endpoints.
  3. Patch Management
    Many organizations forgo patch management because they think it is not
    necessary. Your organization must implement a patch management process. A
    patch management process ensures that your organization applies all the patches
    required by each vendor and product manufacturer.
    Patch management should become an automated solution that manages the
    patches for all devices in your organization, such as user workstations, servers,
    network devices, custom code, OEM software and all your other endpoints.

Without proper patch management your organization will always be at risk from
ransomware and external attacks. Patch management should be part of your day-
to-day security operations and of your other security teams.
It is crucial to automate your patch management in order to stay abreast of your
organization's shortcomings, such as legacy devices in your environment. Patch
management is also another way to reduce the attack surface of your organization's
infrastructure.
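The Exploit Guard controls from item 1 (Attack Surface Reduction rules, network protection, and the ransomware protection the access-control bullet alludes to) are best rolled out audit-first, so that nothing is blocked until the logged events have been reviewed. The following is an added example, not from the article or from Microsoft's documentation; the rule GUIDs are Microsoft's published identifiers, but which rules to pick is an assumption for illustration:

```powershell
# Added example (not from the article): stage Microsoft Defender Exploit Guard
# attack surface reduction (ASR) rules, network protection and controlled folder
# access on a Windows 10/11 host. Run from an elevated PowerShell session.
# Rule selection below is an assumption; the GUIDs are Microsoft's published IDs.

$asrRules = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded executables'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
    'B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4' = 'Block untrusted and unsigned processes that run from USB'
    # D1E49AAC-8F56-4280-B9BA-993A6D77406C (PSExec/WMI process creation) is
    # deliberately left out: it breaks Configuration Manager (SCCM) clients.
}

function Set-AsrRules {
    # $Mode: 'AuditMode' only logs what a rule would have done; 'Enabled' blocks.
    # Audit first, review the events for a couple of weeks, then switch to Enabled.
    param([ValidateSet('AuditMode', 'Enabled', 'Disabled')] [string]$Mode)
    foreach ($id in $asrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Mode
    }
}

# Stage 1: audit. Users are not affected; Defender records would-be blocks.
Set-AsrRules -Mode AuditMode
Set-MpPreference -EnableNetworkProtection AuditMode      # outbound C2 / phishing domains
Set-MpPreference -EnableControlledFolderAccess AuditMode  # ransomware: protected folders

# Stage 2, after reviewing the audit events: repeat with -Mode Enabled and set
# -EnableNetworkProtection / -EnableControlledFolderAccess to Enabled to block.

# Verify the effective configuration. ASR actions: 0=Disabled 1=Block 2=Audit 6=Warn;
# EnableNetworkProtection / EnableControlledFolderAccess: 0=Disabled 1=Enabled 2=Audit.
Get-MpPreference | Select-Object AttackSurfaceReductionRules_Ids, AttackSurfaceReductionRules_Actions,
    EnableNetworkProtection, EnableControlledFolderAccess | Format-List

# What the controls observed: 1121/1122 = ASR block/audit, 1123/1124 = controlled
# folder access block/audit, 1125/1126 = network protection audit/block.
Get-WinEvent -ErrorAction SilentlyContinue -MaxEvents 50 -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122, 1123, 1124, 1125, 1126
} | Select-Object TimeCreated, Id, Message
```

In a domain, the same settings are normally pushed through Group Policy or Intune rather than per host; the cmdlets above are useful for piloting on a few machines and for checking what policy actually applied.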

  4. Incident Response Policy
    It does not matter whether you are a small or a large organization: every
    organization must have an incident response plan available in case it has to deal
    with an attack.
    Many state privacy laws require an incident response plan for dealing with
    specific incidents. An incident response plan ensures that your organization has
    an advantage when an incident is detected. A proper incident response plan can
    deal with any form of attack from internal and external sources.
    You can incorporate various stages in your incident response plan, such as but not
    limited to:

     - Preparation
     - Identification
     - Containment
     - Eradication
     - Recovery
     - Lessons learned