What is a Zero-Day Threat?
A zero-day threat (also sometimes called a zero-hour threat) is one that hasn’t been seen before and doesn’t match any known malware signatures. This makes it impossible to detect by traditional signature-matching solutions. It may exploit a previously unknown software vulnerability (sometimes called a zero-day vulnerability), or it may be a new malware variant delivered by traditional means.
In the days when signature matching was the only strategy available for detecting malware, every new, zero-day threat would claim at least one victim (and often many more). Once a network had been successfully penetrated and affected by the malware, security organizations would collect a sample, analyze it to create a signature file, and then distribute an update for antivirus products to be able to identify it.
Why Zero-Day Threats Are Important
What You Can Do
Today, however, while signature matching remains a critically important tool, more advanced techniques are available for detecting zero-day threats before they have a chance to do any damage or infect any victims. One common technique is sandboxing, or sandbox analysis, in which suspicious emails and files are “detonated” in an isolated test environment to make sure they are safe before they reach your network.
Unfortunately, sandboxing is relatively resource-intensive and time-consuming. Running all traffic through sandbox analysis is impractical. A more successful and workable approach is to use multiple, sequential analytic techniques to pre-filter traffic, so that only a very small percentage of files are analyzed in a sandbox environment.
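The staged approach described above, as an added illustration that is not Barracuda's code: cheap checks run first and decide most files, and only what they cannot settle is handed to the sandbox. The signature set, heuristics and sample files are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed "known-bad" signature set: the SHA-256 of a constructed sample, not a real IoC.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MZ\x90\x00constructed-known-sample").hexdigest()}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")          # PE and ELF headers
DOCUMENT_EXTENSIONS = (".pdf", ".txt", ".docx")
MACRO_CONTAINER = b"vbaProject.bin"             # OOXML part that holds VBA macros

@dataclass
class Verdict:
    name: str
    decision: str  # "block", "allow" or "sandbox"
    stage: str     # the stage that reached the decision

def signature_stage(data: bytes) -> bool:
    """Stage 1: exact-match lookup; catches only samples already seen."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256

def static_stage(name: str, data: bytes) -> Optional[str]:
    """Stage 2: cheap static checks. Returns a decision, or None if undecided."""
    looks_executable = data.startswith(EXECUTABLE_MAGIC)
    claims_document = name.lower().endswith(DOCUMENT_EXTENSIONS)
    if looks_executable and claims_document:
        return "block"      # declared type does not match the real format
    if not looks_executable and MACRO_CONTAINER not in data:
        return "allow"      # inert content, nothing to execute
    return None             # executable or macro-bearing: needs dynamic analysis

def triage(name: str, data: bytes) -> Verdict:
    """Run the stages in order; only files no cheap stage can decide reach the sandbox."""
    if signature_stage(data):
        return Verdict(name, "block", "signature")
    decision = static_stage(name, data)
    if decision is not None:
        return Verdict(name, decision, "static")
    return Verdict(name, "sandbox", "sandbox")

def sandbox_fraction(verdicts: List[Verdict]) -> float:
    """Share of files the pre-filters could not settle (the expensive path)."""
    return sum(v.decision == "sandbox" for v in verdicts) / len(verdicts)

# Constructed sample traffic (not real files).
SAMPLES = [
    ("invoice.exe", b"MZ\x90\x00constructed-known-sample"),  # matches the signature set
    ("report.pdf", b"MZ\x90\x00not really a pdf"),           # executable behind a .pdf name
    ("notes.txt", b"Meeting notes for Tuesday"),
    ("quarterly.docx", b"PK\x03\x04...vbaProject.bin..."),   # macro-enabled document
    ("setup.exe", b"MZ\x90\x00unseen build"),                # unknown executable
    ("memo.txt", b"Reminder: submit timesheets"),
]
VERDICTS = [triage(n, d) for n, d in SAMPLES]
```

With this constructed traffic only two of six files reach the sandbox stage; the rest are decided by the cheaper stages.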
How Barracuda Can Help
Barracuda Advanced Threat Protection is a cloud-hosted service available as an add-on subscription for multiple Barracuda security products and services. It uses signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Finally, it feeds remaining suspicious files to a CPU-emulation sandbox to definitively identify zero-day threats and block them from reaching your network. Advanced Threat Protection can be added to the following Barracuda products: