Following the news that new Windows zero-day exploit that’s up for sale on the dark web for $90,000. Carbon Black’s chief security strategist provides below an insight on this news.
Ben Johnson, chief security strategist, Carbon Black:
“Zero-day exploits such as this are particularly problematic, as traditional security solutions like anti-virus rely on blacklisting – they have a set of known threats that they detect, if a file doesn’t appear on their list, they let it through – so if the threat has never been seen before then this system falls down.
“This is why organizations need to stop relying on AV alone to protect their endpoints; a more sophisticated approach is needed. Whitelisting, whereby a threat is assessed against a set of policies and common characteristics to see if there is a likely issue, can help to spot this type of exploit even if it has never appeared before. This should then we combined with broader threat intelligence, where you can see if a particular file has ever been seen before; if it hasn’t, then it is likely to be zero day and hazardous. This allows organizations to get smarter about security and avoid falling into these sort of traps.”