WatchGuard Zero Day Protection
Zero Day Protection
The Most Powerful Asset in Your Network Defense System
Zero day attacks can devastate a network. These are the attacks that target application vulnerabilities that are unknown to the application's creators and for which no patch yet exists. By exploiting these vulnerabilities, attackers can enter your network to execute code. In the worst case, an attacker can exploit these flaws to gain complete control of a victim's computer.
To be protected from malicious zero day threats, you must have proactive zero day defenses already in place when the attack is launched. You get this critical level of protection with the Firebox® X family of Unified Threat Management security appliances.
What "Zero Day" is All About
There's a lot of buzz in the security industry about "Zero Day" attack protection, but vendors differ substantially in the protection they really provide.
- Zero Day threats are new or unknown attacks for which a patch or signature has not been written
- Zero Day protection, therefore, means being protected against a new and unknown threat before the vulnerability is discovered and the exploit is created and launched
Zero day protection means being protected against a new and unknown threat during the window of vulnerability timeframe.
True Zero Day Protection is Built into the Firebox® X
The Intelligent Layered Security architecture of the Firebox X combines key security capabilities able to defend against whole classes of attacks. Some of these capabilities include:
- Protocol anomaly detection Blocks malicious traffic that does not conform to established protocol standards
- Pattern matching Flags and removes high-risk files, such as .exe and scripting files, viruses, spyware, and trojans from the system by fully inspecting the entire packet
- Behavior analysis Identifies and stops traffic from hosts exhibiting suspicious behaviors, including DoS and DDoS attacks, port scans, and address scans
WatchGuard customers were protected
even before signatures were made available.
See the list below of viruses WatchGuard has stopped.
Twenty-two of the thirty most significant viruses and their variants released from 2003 to 2006 were blocked by default on the Firebox, protecting WatchGuard customers before a signature could ever have been made available.* Here's the list:
|1. Kama Sutra
||12. Bagle (Beagle)
|| 16. Bugbear.b
*Based on most commonly used method
of propagation (SMTP)
What Signatures Bring to a Security Solution
Some vendors make zero day claims but in reality their security solutions rely solely on signature-based scanning.
Signature-based security technologies fingerprint each new attack after it emerges, so protection comes when this fingerprint, or signature, is added to the system. This is not zero day protection. By their nature, signatures are reactive; they cannot protect against new, previously unknown attacks until an update is available.
Signature-based scanning provides a granular layer of protection against spyware, viruses, worms, trojans, and blended threats by identifying known malicious code within benign-looking traffic and files. But this technique is only one piece of a complete solution. You need zero day protection combined with robust signature-bases scanning to have comprehensive Unified Threat Management.
The Window of Vulnerability
Signature-based solutions block what has already been identified. Your network is still exposed from the time a new exploit has been launched until a signature or patch is developed and then deployed.
Considering the speed and destructiveness of today's attacks, even a few minutes without protection can be devastating. The reality is, it can sometimes be hours, days, even weeks before a signature or patch is developed and deployed, making this window of vulnerability every IT manager's nightmare.