What is the Zero-Day Attack?
Before we dive into the topic of the Zero-Day Attack, let’s look at three related cyber security terms that are often used when discussing zero-days; keeping them apart helps to understand the difference between them:
- Zero-Day Vulnerability
A flaw in software that is known to attackers (or at least to someone outside the vendor) but not yet to the software developer or security engineers, so no patch exists for it.
- Zero-Day Exploit
The code or technique an attacker uses to take advantage of a zero-day vulnerability.
- Zero-Day Attack
The use of such an exploit against a system while the vulnerability is still unknown to the software developer or security engineers, so the victim has no fix to apply.
A Zero-Day attack gives an attacker a way into a system, and the hole needs to be closed as soon as the security engineers become aware of the incident. It may take months or even years before the exploitation of a Zero-Day vulnerability is discovered. Some measures help to reduce the risk, including inspecting network traffic, code reviews and using malware detection tools. However, Zero-Day attacks can bypass signature-based anti-virus software, which can only detect threats it already knows about.
How Does the Zero Trust Model in the X-PHY SSD Fight Against Zero-Day Attacks and Other Cyber Threats?
The Zero Trust model was introduced in 2010. It is about eliminating implicit trust, not about teaching the system to trust the user. The concept is centred on the belief that a company must verify anything and everything that connects to its systems, whether inside or outside its perimeter.
As cyber attacks become more sophisticated, CISOs, CSOs, CIOs and other executives are under pressure to implement a zero trust model to protect their corporate data. In traditional storage security, the SSD trusts whoever the host presents as the default user: even if an unknown person starts a cloning attack or a ransomware attack on the system, the SSD does not react or lock itself. The X-PHY SSD recognises ransomware attacks using behaviour-based detection. The access pattern of the ransomware is detected by the AI technology embedded in the SSD, which locks the drive as soon as it recognises the attack pattern. It follows the principle, “Never trust, always verify”.
Here are a few core principles of the zero trust model that are implemented in X-PHY’s SSD:
1: Strict evaluation of access controls
The X-PHY tool is used to monitor the SSD’s performance and to enable or disable security features such as ransomware prevention and cloning prevention. To access the tool that controls the X-PHY’s functions, the user must first verify a password. To prevent unauthorised changes, multi-factor authentication is required for any important change made in the tool: after logging in, a second factor must be completed. For the X-PHY SSD, the time-based one-time code generated by Google Authenticator or Microsoft Authenticator (TOTP) is used as the second factor.
To make any change to the security features, the user has to verify the password and the one-time code currently shown in the authenticator app.
2: Variety of prevention techniques
Using AI and machine learning techniques, the patterns of previous malware are examined and used to improve the detection of unknown threats and ransomware. Once ransomware starts running on the system, the X-PHY detects it by recognising its read, write and overwrite pattern.
After detection, the SSD locks itself against further read and write access. No one can read the data inside the SSD while it is locked. To unlock the SSD, the legitimate user has to connect the X-PHY mobile app to the SSD via the BLE gateway.
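What a read/write/overwrite pattern looks like from the drive’s point of view: encrypting ransomware reads a block, then overwrites the same block with data that is statistically indistinguishable from random (close to 8 bits of entropy per byte), and does so for many blocks in a short time. The block below is an added example of a simple behaviour-based heuristic on that pattern and is not X-PHY’s detection logic, which the page does not publish. The I/O traces, the thresholds and the lock behaviour are all constructed for the example; it also shows two benign workloads (an editor saving files, a backup writing to fresh blocks) that the heuristic must not lock on.

```python
"""Behaviour-based ransomware heuristic over a block-I/O trace.

Added example, not X-PHY's algorithm. The events and thresholds are
constructed to illustrate the read / write / overwrite pattern.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class IoEvent:
    t: float        # seconds since trace start
    op: str         # "read" or "write"
    lba: int        # logical block address
    entropy: float  # Shannon entropy of the written payload, bits/byte (0..8); 0 for reads


class RansomwareMonitor:
    """Locks when many blocks are read and then overwritten with near-random
    data inside one time window. Ciphertext has ~8 bits/byte of entropy;
    ordinary document edits rarely exceed ~5."""

    def __init__(self, window_s=5.0, min_blocks=32, entropy_floor=7.5, min_ratio=0.6):
        self.window_s = window_s          # how far back read/write pairs are correlated
        self.min_blocks = min_blocks      # suspicious overwrites needed before locking
        self.entropy_floor = entropy_floor
        self.min_ratio = min_ratio        # suspicious share of all writes in the window
        self.recent_reads = {}            # lba -> time of the most recent read
        self.writes = deque()             # (t, suspicious) for writes inside the window
        self.locked = False

    def feed(self, ev: IoEvent) -> bool:
        """Consume one event; return True once the drive has locked."""
        if self.locked:
            return True
        while self.writes and ev.t - self.writes[0][0] > self.window_s:
            self.writes.popleft()
        if ev.op == "read":
            self.recent_reads[ev.lba] = ev.t
            return False
        # A write is suspicious only if the same block was read recently AND
        # the new payload looks encrypted. Either alone is normal behaviour.
        read_t = self.recent_reads.pop(ev.lba, None)
        suspicious = (read_t is not None
                      and ev.t - read_t <= self.window_s
                      and ev.entropy >= self.entropy_floor)
        self.writes.append((ev.t, suspicious))
        hits = sum(1 for _, s in self.writes if s)
        if hits >= self.min_blocks and hits / len(self.writes) >= self.min_ratio:
            self.locked = True            # stand-in for the SSD refusing further I/O
        return self.locked


def encrypting_trace(n_blocks=64):
    """Constructed: ransomware reads each block and overwrites it in place."""
    evs, t = [], 0.0
    for lba in range(n_blocks):
        evs.append(IoEvent(t, "read", lba, 0.0)); t += 0.01
        evs.append(IoEvent(t, "write", lba, 7.9)); t += 0.01
    return evs


def editing_trace(n_blocks=64):
    """Constructed: an editor rewriting text files in place (low entropy)."""
    evs, t = [], 0.0
    for lba in range(n_blocks):
        evs.append(IoEvent(t, "read", lba, 0.0)); t += 0.01
        evs.append(IoEvent(t, "write", lba, 4.5)); t += 0.01
    return evs


def backup_trace(n_blocks=64):
    """Constructed: a backup reads blocks and writes compressed (high-entropy)
    copies to different, previously unread blocks."""
    evs, t = [], 0.0
    for lba in range(n_blocks):
        evs.append(IoEvent(t, "read", lba, 0.0)); t += 0.01
        evs.append(IoEvent(t, "write", 100000 + lba, 7.9)); t += 0.01
    return evs


def first_lock_index(trace):
    """Index of the event that triggered the lock, or None if it never locked."""
    mon = RansomwareMonitor()
    for i, ev in enumerate(trace):
        if mon.feed(ev):
            return i
    return None


if __name__ == "__main__":
    for name, tr in [("encrypting", encrypting_trace()), ("editing", editing_trace()),
                     ("backup", backup_trace())]:
        print(f"{name:>10}: locked at event {first_lock_index(tr)}")
```

With the constructed thresholds the encrypting trace locks at the 32nd overwrite, after 31 blocks have already been lost; that is the inherent trade-off of any behaviour-based detector, and it is why the text pairs detection with the separate activity log and unlock path rather than promising zero data loss.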
3: Real-time monitoring to identify malicious activity
To implement the zero trust model on any device, real-time monitoring plays a key role. It minimises the damage caused by an attacker and helps to identify the digital footprints of the malicious actions taken against the system. The X-PHY Windows tool and the mobile app keep activity logs that record the attack types, the SSD lock and unlock times and more.
Even during a thermal attack or a physical attack, the activity log keeps being recorded and stored. Once the SSD is connected to a system again, the log can be viewed. During a rapid purge, all the data inside the SSD is deleted except the activity log. This log is helpful for forensic analysis after a cyber attack.
4: Alignment with a broader security strategy
Endpoint security is as important as perimeter security; it helps to monitor, detect and respond to incidents better and to ensure everything is safe.
With the X-PHY SSD installed in users’ PCs and in the PC of the enterprise security manager or security engineer at the company’s Security Operations Centre, ransomware attacks can be stopped at the drive and all endpoints are better protected against Zero-Day attacks.