Zero-days, the bane of organizations worldwide, are the golden goose of cybercriminals: jealously guarded and highly prized, they feed top-tier exploit kits and financial and political cyberespionage campaigns. A single zero-day allows any number of exploits to be created, and such exploits are particularly popular for targeted spear phishing attacks. The effectiveness of these vulnerabilities has had a major disruptive impact on the security industry, rendering signature-based solutions effectively useless, and the scramble has since been on to find alternative methods of dealing with them. The catch, of course, is how to protect systems against an unknown threat.
A number of solutions have emerged around various technologies, the most popular focusing on behavioral analysis and pattern recognition. Network inspection tools analyze traffic flows and user patterns to determine if and when out-of-the-ordinary activity amounts to a potential zero-day exploit. This usually requires a learning phase, often through a machine-learning algorithm plus a certain level of human input. It can also produce false positives, and it remains a reactive solution, albeit one that can operate in real time and be incredibly fast. Other solutions rely on sandboxing everything, so that even where a zero-day is exploited, exfiltration is simply not possible. One of the more interesting approaches I have seen recently is the one offered by Votiro, which preemptively looks to eradicate all possibility of zero-days having an effect.
Votiro effectively offers what it dubs an anti-exploit and spear-phishing protection service. The technology systematically sanitizes every email attachment (WordView, Microsoft Office, PDF, image and archive files, etc.), whether or not it contains a zero-day. At the email gateway, the file structure and metadata are rebuilt before the file is pushed out to its final destination. This ‘sanitization’ removes any potential exploit without changing the contents. The process requires no endpoint installation, and Votiro offers either a managed service, whereby emails are routed directly to its cloud-based email gateway, or an SDK for integration into proprietary applications (to date this includes CyberArk digital vaults, Jetro and Citrix secure web browsing, Microsoft Exchange, Milter and FTP servers, among others).
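To make the rebuild-rather-than-scan idea concrete, here is an added, self-contained example (not Votiro's code, and not the page's) for one of the file types listed above, archives: a fresh ZIP is written from scratch, copying only the payload bytes of allow-listed entries into new records, so extra fields, comments, odd timestamps, path-traversal names and disallowed file types never reach the recipient. The allow-list and the sample archive are constructed for the demo.

```python
import io
import zipfile

# Constructed allow-list of attachment types that survive sanitization (assumption for the demo).
ALLOWED_SUFFIXES = (".txt", ".pdf", ".docx", ".png")

def build_sample_archive() -> bytes:
    """Constructed input: a document entry with an opaque extra field and comment,
    a disallowed executable entry, and an archive-level comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        info = zipfile.ZipInfo("report.txt", date_time=(2014, 8, 6, 12, 0, 0))
        info.extra = b"\x01\x02\x04\x00\xde\xad\xbe\xef"  # extra field id 0x0201, 4 bytes of data
        info.comment = b"per-entry comment"
        zf.writestr(info, b"quarterly figures")
        zf.writestr("invoice.exe", b"MZ...")  # disallowed type, will be dropped
        zf.comment = b"archive-level comment"
    return buf.getvalue()

def sanitize_archive(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the archive: each kept entry gets a brand-new ZipInfo (no extra field,
    no comment, fixed timestamp) holding only the decompressed payload. Nothing from
    the original headers is copied. Returns (clean_zip_bytes, dropped_entry_names)."""
    dropped = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            unsafe_path = name.startswith("/") or ".." in name.split("/")
            if info.is_dir() or unsafe_path or not name.lower().endswith(ALLOWED_SUFFIXES):
                dropped.append(name)
                continue
            clean = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            clean.compress_type = zipfile.ZIP_DEFLATED
            dst.writestr(clean, src.read(info))  # payload bytes only
    return out.getvalue(), dropped

def inspect_archive(data: bytes) -> dict:
    """Summarise names, extra-field bytes and comment bytes so before/after can be compared."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        return {
            "names": zf.namelist(),
            "extra_bytes": sum(len(i.extra) for i in infos),
            "comment_bytes": len(zf.comment) + sum(len(i.comment) for i in infos),
        }

def read_entry(data: bytes, name: str) -> bytes:
    """Return one entry's payload, to confirm content survives the rebuild unchanged."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)
```

Real CDR products apply the same principle per format (re-rendering images, regenerating Office and PDF object trees); the archive case is the simplest to show in a few lines.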
The company has made some impressive strides in cornering the market. It serves Europe and North America as well as Japan and Australia, with clients in financial services, critical infrastructure, defense contractors and government. Zero-days are a pernicious issue, and if the latest revelations about the CyberVor gang's hoard are anything to go by (4.5 billion records, as revealed by Hold Security just this week), then spamming, phishing and identity theft show no sign of abating. Alongside employee training and awareness raising, sanitizing emails may well provide considerable relief to organizations looking to secure their data against theft.