Blog

Vordenkerrolle

Funde von Bedrohungen

N-Day vulnerabilities: minimizing the risk with Self-Learning AI

N-Day vulnerabilities: minimizing the risk with Self-Learning AIStandard-BlogbildStandard-Blogbild
28
Jul 2022
28
Jul 2022

Responding to the latest critical vulnerability has become a regular routine in the daily life of cyber security professionals.

In the last two years, there has been a carousel of patches for vulnerabilities affecting email servers (ProxyLogon), remote working infrastructure (Atlassian Confluence), third party tools (Kaseya), and supply chain software (Log4j).  

In the days following the public disclosure of such vulnerabilities, any associated exploit is referred to as an “N-day”. The release of a patch marks day 1, but over the following days any unpatched systems are at risk of attack from exploits which target the vulnerability. This contrasts with zero-day attacks, which exploit vulnerabilities for which no patch is available, often because knowledge of the vulnerability isn’t yet in the public domain. 

N-days occupy a unique space in cyber risk analysis. Headline-grabbing zero-day attacks have the potential to be high impact, but in reality such attacks are rare and have a low likelihood. A more common cyber-attack, using commodity malware which has been well documented in the wild, may have a high likelihood but will have a low impact when faced with a mature security stack. But in the hours and days following the publication of a new vulnerability, there is a high likelihood of a high impact attack against an organization which makes use of a new exploit.

Table 1: A potential qualitative risk analysis comparing three cyber risks: a threat group targets an organization using either commodity malware, a zero-day exploit, or by leveraging an N-day vulnerability.


After a critical vulnerability is published, security teams battle against time and resourcing constraints to apply the appropriate patch or patches, all the while trying to protect assets without a playbook of what an attack may look like. Darktrace has found that 85% of high-risk vulnerabilities are not patched within one week and 70% remain unpatched after a month. In the meantime, threat groups have become armed with a new attack method: an N-day exploit. 

In their latest research, Darktrace’s Inside the SOC team detail how the techniques used by Self-Learning AI to detect zero-day attacks can also be leveraged by organizations to Detect and Respond to N-day attacks.

But with Darktrace PREVENT, defenders can go one step further, enabling security teams to harden defenses before the next attack vector is even published. 

The Darktrace PREVENT product family empowers defenders to model likely attack paths, intelligently prioritize critical servers or highly exposed people in the organization, and test vulnerable pathways by emulating real-world attacks. Darktrace PREVENT then feeds data back into Darktrace DETECT + RESPOND to harden defenses around critical attack paths or assets and further enhance cyber resilience. For example, if Darktrace PREVENT discovers that a critical database is serving high-risk users, it can feed that information back into Darktrace DETECT, which in turn increases the level of scrutiny around that asset. 

Figure 1: Visualising Darktrace’s technology vision of a Cyber AI Loop: four interconnected AI engines continuously enhancing each other’s capabilities. 


While Darktrace DETECT + RESPOND wrap what amounts to an ‘AI safety blanket’ around vulnerable assets and attack paths, Darktrace PREVENT presents prioritized recommendations for long term risk mitigation. Stretched security teams therefore know, based on Darktrace’s deep and evolving understanding of the entire business, where to focus their time and resources in order to reduce risk to the greatest extent. 

As a result, when the next N-day vulnerability comes around, defenders have the confidence that any prospective impact has already been minimized and the potential cyber risk is low.

More in this series:

Keine Artikel gefunden.

Sie mögen das und wollen mehr?

Erhalten Sie den neuesten Blog per E-Mail
Vielen Dank! Ihre Anfrage ist eingegangen!
Huch! Beim Absenden des Formulars ist etwas schief gelaufen.
EINBLICKE IN DAS SOC-Team
Darktrace Cyber-Analysten sind erstklassige Experten für Threat Intelligence, Threat Hunting und Incident Response. Sie bieten Tausenden von Darktrace Kunden auf der ganzen Welt rund um die Uhr SOC-Support. Einblicke in das SOC-Team wird ausschließlich von diesen Experten verfasst und bietet Analysen von Cyber-Vorfällen und Bedrohungstrends, die auf praktischen Erfahrungen in diesem Bereich basieren.
AUTOR
ÜBER DEN AUTOR
Oakley Cox
Analyst Technical Director, APAC

Oakley is a technical expert with 5 years’ experience as a Cyber Analyst. After leading a team of Cyber Analysts at the Cambridge headquarters, he relocated to New Zealand and now oversees the defense of critical infrastructure and industrial control systems across the APAC region. His research into cyber-physical security has been published by Cyber Security journals and CISA. Oakley is GIAC certified in Response and Industrial Defense (GRID), and has a Doctorate (PhD) from the University of Oxford.

ANWENDUNGSFÄLLE
PRODUKT-SPOTLIGHT
Keine Artikel gefunden.
COre-Abdeckung
Keine Artikel gefunden.
Dieser Artikel
N-Day vulnerabilities: minimizing the risk with Self-Learning AI
Teilen
Twitter-LogoLinkedIn-Logo

Gute Nachrichten für Ihr Unternehmen.
Schlechte Nachrichten für die Bösewichte.

Starten Sie Ihren kostenlosen Test

Starten Sie Ihren kostenlosen Test

Flexible Lieferung
Sie können es entweder virtuell oder mit Hardware installieren.
Schnelle Installation
Nur 1 Stunde für die Einrichtung - und noch weniger für eine Testversion der E-Mail-Sicherheit.
Wählen Sie Ihre Reise
Testen Sie selbstlernende KI dort, wo Sie sie am meisten brauchen - in der Cloud, im Netzwerk oder für E-Mail.
Keine Verpflichtung
Voller Zugriff auf den Darktrace Threat Visualizer und drei maßgeschneiderte Bedrohungsberichte, ohne Kaufverpflichtung.
For more information, please see our Privacy Notice.
Vielen Dank! Ihre Anfrage ist eingegangen!
Huch! Beim Absenden des Formulars ist etwas schief gelaufen.

Demo anfordern

Flexible Lieferung
Sie können es entweder virtuell oder mit Hardware installieren.
Schnelle Installation
Nur 1 Stunde für die Einrichtung - und noch weniger für eine Testversion der E-Mail-Sicherheit.
Wählen Sie Ihre Reise
Testen Sie selbstlernende KI dort, wo Sie sie am meisten brauchen - in der Cloud, im Netzwerk oder für E-Mail.
Keine Verpflichtung
Voller Zugriff auf den Darktrace Threat Visualizer und drei maßgeschneiderte Bedrohungsberichte, ohne Kaufverpflichtung.
Vielen Dank! Ihre Anfrage ist eingegangen!
Huch! Beim Absenden des Formulars ist etwas schief gelaufen.