WikiLeaks withheld the source code for the CIA hacking tools. One might wonder though, what could happen if WikiLeaks did publish this code?
I allege that with only a few minor changes in organizational IT behavior and the use of security automation, most zero day attacks can be converted from PR catastrophes into mere nuisances.
This week at RSA Conference 2015 Lieberman Software is exhibiting technology to automatically invalidate credentials stolen by zero-days. In doing so, cyber attackers are forced to continuously launch zero-day attacks on every system, because the attempt to steal credentials and move laterally from system to system is thwarted.
If you’re providing each privileged account on your network with its own unique and complex password, and then changing these passwords very frequently, you’ve blocked an intruder from moving laterally. Even though a zero day attack can still compromise one of your machines, the attack can’t expand.
Cyber-defense today is not about stopping intrusions. It is about creating architectures and processes that minimize losses and limit how far into the network intruders can go after they do manage to penetrate the perimeter with zero day attacks and similar exploits.