When it comes to protecting clients from cyberattacks, a zero-day exploit can be an MSP’s biggest enemy. A zero-day is a computer software vulnerability that remains undetected by either the vendor or the user until it is activated by the attackers. This means that, until the vulnerability is exploited, there is no way for a security team or MSP to know that they are at risk. A patch can be issued by the vendor to correct the vulnerability, but at that point the damage is likely already done.
One example of this is Microsoft, which in June announced patches for six zero-day vulnerabilities in Windows 10 software that were actively being exploited. Microsoft said that attackers were leveraging the vulnerabilities to attack companies, potentially using elevation-of-privilege flaws to move laterally across networks towards valuable targets.
Similarly, in the same month, Google announced the discovery of a zero-day vulnerability in Chrome that was actively being exploited, and urged users of the most popular browser to update their systems. In September Google addressed two zero-day bugs, and so far Google has patched a total of ten zero-day vulnerabilities in Chrome this year.
Zero-day vulnerabilities have also been discovered in popular MSP tools, such as the RMM tools N-central from SolarWinds and ConnectWise Control. If exploited, these vulnerabilities could have directly impacted an MSP’s ability to support its clients.
Staying Up to Date With Zero-Days
An MSP is likely the first trusted advisor a client will turn to when it comes to cybersecurity threats. For that reason, MSPs should make sure they are fully informed of the latest zero-days that could impact their organization.
One place to start is the software vendors themselves. MSPs should make sure they are signed up to any available alerts for the latest patches, especially critical ones. Similarly, cybersecurity-focused media publications will also publish significant vulnerabilities and MSPs should ensure that they are aware of these in order to protect their clients.
Securing Clients Against Zero-Day Attacks
By their nature, it is impossible to be aware of a zero-day before it has been discovered or exploited (hence the name “zero-day”!). That means there is no way to patch the vulnerability or limit its risk before it has become a potential liability.
However, there are things an MSP can do to respond quickly when a zero-day has been revealed. First, while a zero-day may be undiscovered, it is still important for an MSP to help clients roll out a comprehensive cybersecurity strategy. Such a strategy limits risk to the organization as a whole, and also provides the ability to segment networks and leverage automation to rapidly limit risk if a zero-day is activated.
As part of this cybersecurity strategy, an MSP should also include technology for automated patch deployment, which can help quickly address any published zero-days with the software vendor’s patch before they affect the client organization. The goal here is to limit potential risk to the organization.
Finally, an MSP should implement a thorough incident response strategy that can prepare a client organization to respond if a zero-day is successfully exploited inside their organization. This can include leveraging technology, as well as tabletop exercises and other ways of running data breach “fire drills”, so all parties are prepared to respond in a worst-case scenario.
While zero-days are an unknown quantity, it is still up to the MSP to do their best to defend their clients and limit the risk of attack on them. By doing this, they can truly remain a trusted advisor, even as the cybersecurity landscape evolves.
About the author
Alexander is the head of the marketing department at MSP360. He is an expert in IT marketing and has extensive knowledge of cloud storage services. Alexander cooperates with cloud vendors, MSPs, and VARs, and communicates the market needs and trends to our team.