Multiple Defenses Needed to Fight Off Zero-Day Attacks, Say Experts: "Patching software flaws is the best method of protecting systems, IT managers and analysts say. But they added that when a fix isn't available, it's vital to have multiple layers of defense in place.

[...]

The Windows animated cursor flaw that Microsoft patched last week caused widespread concern because attempted exploits of it were unleashed before the patch became available. But there are a variety of steps that companies can take to try to mitigate the risks posed by the ANI vulnerability and other so-called zero-day security threats.

The available measures aren't a sure bet, IT managers and security analysts cautioned. They added that in the end, patching a flaw is still the most reliable way of protecting systems against attackers who are seeking to take advantage of it. But deploying multiple layers of defenses is a vital element of strategies for dealing with threats for which no immediate fix is available.

For instance, Lloyd Hession, chief security officer at New York-based BT Radianz, said his company is using software from ConSentry Networks Inc. that can quickly detect compromised systems by any anomalous behavior they exhibit, instead of trying to spot infections solely by looking for virus signatures on machines.

"You need to smarten the intelligence within the local network," said Hession, who added that the ConSentry tool lets IT staffers at BT Radianz control the connections PCs can make with other systems. He said that can help lower the risk that an infected computer will spread malware across a LAN at the company, which provides telecommunications services to financial firms.

"Under the previous model, you could go anywhere in the network once you were within the network," Hession said. Now there are automated rules specifying the portions of a network that systems are allowed to access. The rules also limit the other machines that PCs can connect to based on the business needs of end users, he said.

Another way to minimize zero-day threats is to adopt strict policies for filtering out e-mail attachments, which attackers often use to try to deliver malware to unsuspecting end users.

Analysts have long advised companies to filter out GIFs, JPEGs, WMVs and other unneeded attachment types from inbound and outbound e-mails. And when deciding which attachments to allow and which to block, it's a mistake to assume that only certain types are being used maliciously, said Russ Cooper, senior information security analyst at Cybertrust Inc., a security services firm in Herndon, Va.

(Via Computerworld Cybercrime/Hacking News.)