
How To Identify, Contain, and Remediate Zero-Day Risks and Get Back to Your Day Job in 30 Minutes

How-to

WannaCry, Log4j, Follina, Spring4Shell — these incidents send shivers down the spines of anybody who works in IT or security.

Zero-day vulnerabilities are exploitable software or hardware security flaws that are typically unknown to the vendor, or known but unaddressed, and for which no patch or other fix is yet available. They have the potential to derail an entire organisation or even entire industries: attackers who discover these flaws before they are fixed or patched gain the ability to compromise a system and steal crucial organisational data.

By the time the organisation discovers the flaw, it’s too late, and teams then have “zero days” to fix it before the attack happens.

Organisations are managing more endpoints than ever before, and the number of zero days increased by 50% between 2022 and 2023. According to Tanium, 94% of organisations lack visibility into 20% or more of their endpoints. More devices mean an increased attack surface, with each device representing a potential entry point for attackers. What’s more, because devices operate in diverse environments (such as remote workstations or under BYOD policies), security controls are harder to apply consistently.

The status quo isn’t sufficient to manage zero-day exploits

A typical legacy IT environment is not well equipped to deal with a zero-day vulnerability:

  • Lack of awareness: Many IT teams don’t have accurate, real-time knowledge of the number of endpoints in their environment, let alone a view of the vulnerabilities that exist across the infrastructure. Because a zero-day vulnerability is by definition unknown to the organisation, detecting and mitigating it proactively is all the more difficult when there is no automated, real-time data from endpoints to work with.
  • Delayed response: Once a zero-day vulnerability is discovered, developing and deploying patches across all endpoints is a time-consuming process that leaves systems exposed for longer.

It’s time to get back to your day job more quickly. Instead of taking weeks or even months to identify, contain, and remediate zero-day risks, IT and security teams can get the job done in as little as 30 minutes and return to their day jobs, or to enjoying their weekend.

With Tanium, you have the visibility, data, and control to get zero-day risk under control fast

  • Understand exposure: 80% of exploitable vulnerabilities are disclosed before a CVE is published. In this respect, malicious actors have a head start while organisations wait to run their scans. With Tanium’s real-time visibility, there is no need to wait. Tanium provides real-time visibility into all endpoints across an organisation, enabling rapid identification of the assets that are affected. Live data collection from endpoints ensures the security team has the most up-to-date information on which to make informed decisions. When seeking to understand the level and nature of the exposure as soon as a zero day is uncovered, speed and accuracy are the two most important factors. With the ability to run instant queries across the entire network, an up-to-date inventory is what allows you to identify the systems affected by a zero-day exploit.
  • Report quickly: Tanium can generate automated reports for IT and security teams based on predefined and customisable criteria, ensuring that stakeholders receive timely updates on the status of the zero-day exploit and what’s being done to resolve it. The integration with threat intelligence feeds further aids in quick identification and reporting, and having centralised control over the entire endpoint environment makes coordination of response efforts and subsequent report generation much easier.
  • Mitigate before the patch is created: To minimise the impact, organisations should begin patching the vulnerabilities as soon as they can. They should start with external-facing parts of their IT infrastructure first, such as their website, before shifting their focus to internal systems. Zero-day advisories typically contain mitigation steps that, when performed, will prevent the threat from being exploited. Those steps are often built into a patch by the relevant vendor several weeks later; however, in the meantime, organisations are left hoping that a bad actor does not happen to come knocking. Tanium is able to implement the raw mitigation steps across the estate in minutes, providing a level of confidence that the threat has been contained until a more formal patch is released in due course.
  • Reduce MTTR (mean time to remediate): With Tanium, CISOs have reduced their mean time to investigate (MTTI) threats by 90%, reduced their mean time to remediate (MTTR) threats by 90%, and achieved 99% security tooling coverage across their modern endpoint environments. In a zero-day situation, when time is absolutely of the essence, most organisations are still scrambling to recover information and understand their exposure many hours, days, or weeks after the actual attack. This improved MTTR is mission-critical to ensuring you can return to your day job with speed, confidence, and accuracy.

Sleep better at night and enjoy the weekend with confidence knowing that Tanium equips you with visibility, data, and control when managing a zero-day exploit.

Know about zero days first with Tanium Guardian

“With Tanium Guardian, for any zero-day vulnerability that occurs, we send you a notification to inform you that there’s something out in the wild and inform you of your level of exposure to it,” said Harman Kaur, VP of AI at Tanium, during a recent interview with Six Five On The Road. “We have that real-time data to be able to query your endpoints proactively, which can tell you your level of exposure. Then we give you a remediation path, which is all automated into a Simple Smart Action, which is ready for you to quickly deploy in a responsible, ring-based approach. It goes on to test and propagate it throughout the entire environment, and it’s all in one place — from notification to action.”

Real life example: Tanium’s Australian customer Regis Aged Care resolves a potential zero-day attack in minutes

Mazino Onibere, Head of Cybersecurity, Risk and Compliance at Regis Aged Care, an Australian aged care provider, uses Tanium for real-time visibility into its endpoints and workstation patching compliance.

Mazino recalls a time when he was attending a conference and received a message about a zero-day vulnerability that had the potential to threaten Regis Aged Care.

“I stepped away from the event, found a quiet spot, and called my team. We then logged into Tanium to query all endpoints and determine our level of exposure,” says Mazino. “Within minutes, we had accurate, real-time visibility of our exposure across all endpoints. Not only did we have visibility, but we were also able to package the recommended mitigation for deployment to all vulnerable endpoints. Following the emergency change process, we deployed the fix at scale. Within 30 minutes, I was able to rejoin my colleagues at the event and enjoy the remainder of my day with confidence.”

Find out more about Tanium’s suite of products that help manage zero-day exploits fast to get you back to your day job in no time:


To learn more about how Australian CIOs can effectively transition away from legacy vulnerability systems, download Tanium’s new whitepaper — Redefining Vulnerability Management: Transforming Legacy Approaches for Modern Cyber Resilience.


Matt Waite

Matt Waite is a Director of Technical Account Management based in Australia. He has over 35 years of experience in the tech industry and has been with Tanium for eight years, supporting customers pre- and post-sale.
