Negative Day Threat Detection White Paper
Negative Day Threat Detection

Zero Day is Not Enough

Zero day threats arrive with no warning and no time to get patches installed or to update attack signature files. A respected study revealed that the time required by operating system vendors to provide patches for known vulnerabilities ranges from 8 days to over 150 days, and that does not take into consideration the time that enterprises require to test and install the patches.¹

Until now, the only way to deal with zero day attacks was to install preventive security products that examined anomalous behavior in network equipment, operating systems and applications. But these solutions have proven only partially effective, and the number of successful breaches continues to mount out of control. For example, a recent survey concluded that 79 percent of IT practitioners in the United States report that their organization has experienced one or more data breaches involving the loss or theft of information about individuals.²
Solera Networks takes an entirely different but complementary approach that enables network administrators to figuratively reverse time in order to achieve "negative day threat detection". Because Solera Networks' active network forensics solutions capture everything that traverses the network, security personnel can swiftly check backwards through the data to see if any attack succeeded before the vulnerability was made known, and before any patch or fix was installed. If anything is discovered, they can assess the damage and check to make sure that the subsequent patch would have been effective had it been installed in time. Without Solera Networks, administrators only know that a patch was installed at a particular time and can only hope that there was no attack before the patch was installed.
Negative Day Threat Detection is a breakthrough in security technology because it lets administrators identify anything that crossed the network prior to a security update, patch install or system change. This capability enables them to not only go back and fix the problem but also to determine whether an attack succeeded - and if so, what was compromised. Having such information can prove crucial for regulatory compliance or litigation alleging negligent behavior. For example, Negative Day Threat Detection could prove that a specific attack would have succeeded even if a patch was already installed or the configuration improved. Alternatively, Negative Day Threat Detection could also prove that a patch is in fact working against a recent type of attack.
With Negative Day Threat Detection, you can see if you were infected before you patched. Here's how it works:

¹ Symantec Global Internet Security Threat Report Volume XIII April 2009
² Ponemon Institute "Uncertainty of Data Breach Protection" 2008




