Protecting Against Zero-Day Exploits | Network Security Measures

Equipment to Guard Against Unknown Threats


Question

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits.

The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity.

The network is mostly flat, with split staff/guest wireless functionality.

Which of the following equipment MUST be deployed to guard against unknown threats?

Answers

Explanations

Correct answer: D.

Zero-day exploits are attacks that take advantage of vulnerabilities in software or hardware that are unknown to the vendor, and for which no patch or update is yet available. The Chief Information Security Officer (CISO) is right to be concerned about such attacks, as they can be particularly devastating and difficult to defend against.

To protect against zero-day exploits, the organization needs to deploy equipment that can detect and prevent such attacks. Let's examine each of the proposed solutions in detail to determine which one is the best fit for the organization's needs.

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates

This solution is not ideal for protecting against zero-day exploits because it relies on traditional signature-based detection. Antivirus software can only detect known threats and will not protect against unknown attacks, such as zero-day exploits. Additionally, running the antivirus solution as a local admin could pose a security risk.

B. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs

While this solution can help protect against data breaches and other security risks, it does not specifically address the problem of zero-day exploits. Zero-day exploits can still affect the VDI environment, and the organization would still need to implement additional measures to protect against them.

C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs

This solution is a good choice for protecting against zero-day exploits. Host-based heuristic IPS uses advanced behavioral analysis to detect and prevent attacks that traditional signature-based detection methods would miss. Segregating the IPS on a management VLAN and giving it direct control of the perimeter firewall ACLs provides an additional layer of protection.

D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed

This solution is also a good choice for protecting against zero-day exploits. Behavior-based IPS