What is a zero-day exploit?
At this point, you have probably heard the term "zero-day" exploit or virus. But what is it and what does it mean to you and your business? A zero-day exploit is an attack or virus that exploits an unknown security vulnerability or a flaw in a computer's operating system or software. If a virus or malware is developed to exploit that flaw, there aren't patches or workarounds to stop the virus once it has been released. This allows the virus to spread quickly.
If you have been watching the news this week, then you have certainly been hearing a lot about the WannaCry ransomware attack infecting computers around the world. WannaCry is an example of a ransomware cyberattack in which the virus spreads across your local networks to computers that have not been updated with the most recent security updates, which leaves those systems directly exposed to the attack. In this case, it is one of the worst and most widespread ransomware attacks to date.
How do you prevent a zero-day attack?
Many of these zero-day attacks come in via e-mail, either in an attachment or through a link in the e-mail that a user can click on. So, the obvious question is: if the software vendor doesn't know they have a vulnerability and they haven't released a patch yet, how can you stop a zero-day attack?
One word: Sandboxing
Sounds fun, right? Well, it kind of is. E-mail sandboxing is a relatively new technology that automatically takes an attachment or link in an e-mail and "detonates" it in a virtual environment. Let's say someone has sent you a PDF that contains malicious code. Before the e-mail reaches your inbox, the PDF is opened in a virtual system. The sandbox analyzes the PDF's behavior for malicious activity, detecting whether the attachment downloaded something, tried to encrypt files, or tried to delete the contents of the hard drive. If any malicious activity is detected, the attachment isn't delivered and the recipient is notified. If nothing malicious is detected, the e-mail with its attachment is delivered. The same applies to any URL links contained in the e-mail.
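To make the verdict step concrete, here is an added example (not code from Microsoft or any sandbox product) that scores a detonation trace for the three behaviors named above. The event schema, thresholds and sample traces are assumptions constructed for illustration.

```python
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def analyze(events, mass_threshold=3):
    """Return (verdict, findings) for one detonation trace.

    The event schema (op, path, data, ...) is hypothetical, made up for this example.
    """
    downloads, rewritten, deleted = [], [], []
    for e in events:
        if e["op"] == "net_download":
            downloads.append(e["url"])
        elif e["op"] == "file_write" and e["overwrite"] and entropy(e["data"]) > 7.0:
            rewritten.append(e["path"])  # existing file replaced by random-looking bytes
        elif e["op"] == "file_delete":
            deleted.append(e["path"])
    findings = []
    if downloads:
        findings.append(f"downloaded content from {len(downloads)} URL(s)")
    if len(rewritten) >= mass_threshold:
        findings.append(f"overwrote {len(rewritten)} files with high-entropy data")
    if len(deleted) >= mass_threshold:
        findings.append(f"deleted {len(deleted)} files")
    return ("block" if findings else "deliver"), findings

# Constructed traces, not output from any real sandbox.
CIPHERLIKE = bytes(range(256)) * 4            # entropy exactly 8.0
PLAINTEXT = b"Quarterly report draft\n" * 50  # low entropy
DOCS = [f"C:/Users/demo/Documents/file{i}.docx" for i in range(4)]

SUSPICIOUS = (
    [{"op": "net_download", "url": "http://payload.example/stage2"}]
    + [{"op": "file_write", "path": p, "overwrite": True, "data": CIPHERLIKE} for p in DOCS]
    + [{"op": "file_delete", "path": p + ".bak"} for p in DOCS]
)
BENIGN = [
    {"op": "file_write", "path": "C:/Temp/render.tmp", "overwrite": False, "data": PLAINTEXT},
    {"op": "file_delete", "path": "C:/Temp/render.tmp"},
]

if __name__ == "__main__":
    for name, trace in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, analyze(trace))
```

The benign trace shows why the file checks use a count threshold and an entropy test: a document viewer writing and removing one temporary file should still be delivered.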
This all sounds great, but doesn't it delay the delivery of e-mail? Yes, it does, but not for very long (assuming you pick a best-of-breed solution). Generally, users can expect a 2-3 minute delay to open an e-mail attachment. Accessing links in e-mail is almost instantaneous. The short delay is a small price to pay for protection against malware that hurts productivity and breaches data, and that can cripple the recipient and then go on to spread across your entire network, infecting all your users.
How do you get this technology?
Microsoft offers this technology in a product called Advanced Threat Protection.
What about cost? It sounds expensive, but it's not. You can add Microsoft's Advanced Threat Protection to any Exchange Online plan, or any Office 365 plan that contains Exchange Online, for $2 per user. This makes it VERY cost-effective to protect your users in Office 365, especially compared to the cost of downtime you might incur from malware and viruses.