How to Avoid Zero-Day Attacks in Networking Equipment

"The question is not if you get hacked, but when," said Robert Rogenmoser, CEO of Securosys, at the Swiss Economic Forum on 06/09/2016 in Interlaken.

Detecting software vulnerabilities in network components is a difficult task. Moreover, whoever identifies such a software bug will think carefully about what to do with this newly acquired piece of knowledge. Ideally, the researcher informs the software manufacturer so that a patch can be developed and deployed in a timely fashion and the vulnerability eliminated quickly. Afterwards, the researcher might present the findings to the scientific community or inform the media accordingly.

Unfortunately, not all researchers stick to this process. The interest in vulnerabilities that would allow mounting zero-day attacks is, and always has been, substantial. Until a few years ago, it was exclusively the intelligence community that teamed up with the relevant export-oriented technology industry for this purpose, as we have learned from Ed Snowden's revelations. Meanwhile, however, law enforcement and prosecutors acting in the name of terror prevention have been showing increased interest in the exploitation of security holes as well. Once they possess tools that allow them to penetrate the protected networks of suspects, it is also in their best interest to keep such vulnerabilities confidential.

Recent revelations informed us about previously unknown vulnerabilities in devices from the US-based companies Cisco, Fortinet and Juniper, and from the China-based Topsec. Apparently, the malicious code for the exploits stems from the American intelligence agency NSA.

Many CEOs and CIOs might argue: "So what? Why should I bother whether the NSA or Europol reads my data? In fact, we have nothing to hide!"

This might well be true, but the question is not whether you have something to hide, but rather whether you possess something worth protecting. In fact, the alleged NSA code for exploiting unknown vulnerabilities has been offered for sale by an unknown group calling itself "Shadow Brokers". These tools are interesting to criminals too, who are constantly looking for ways to penetrate protected networks, gather confidential information and profit from it.

If you want to protect yourself against zero-day attacks, here is our advice: stay away from state-infiltrated hardware and software. Bet instead on products for which security is not an add-on feature of complex software but part of a sound architecture, and whose reliability is verifiable.

You will find that kind of product at Securosys, for the sustained protection of your most valuable data.

Andreas Curiger, CTO/CSO Securosys