
3 Steps to Manage Vulnerabilities. Lessons from Surviving a Zombie Infestation.

By Dena DeAngelo, October 30, 2019

Whether you’re scoping out your strategic survival plan in the event of a potential Zombie Apocalypse or drafting up your company’s security strategy, outlining some key rules of engagement will help increase your chances for a healthy outcome. In either scenario, early detection and advance preparation will ensure your best chance for survival.

While many theories on the origins of zombies exist, one of the most credible is that of the contagion Solanum, a virus that travels through the bloodstream to the brain, infecting its host. It is thought that the virus is able to replicate using the cells of the brain’s frontal lobe, destroying them in the process.

This results in the cessation of all bodily functions while the virus mutates the alive yet dormant brain into an organ that can survive independent of oxygen. A new organism, a zombie, is created, able to function and seeking out human flesh on which to feed its ravenous appetite.

Malicious software is not much different from the virus described above. Malware is used to infect computer or network operations, steal sensitive data, and in general wreak havoc on targeted systems. A small code snippet inserts itself into an application, and when the application runs, the virus code is executed, replicating itself much like a biological virus. Cybercrime coalitions who compile data on malware and data breaches have determined that nearly a third of the world’s computers have been infected at one time or another.

The distinguishing feature of a virus is that it needs to infect other programs/humans to operate.

3 “Anti-Zombie” Steps

1. Avoidance/Prevention

As you might guess, the presence of zombies renders an area uninhabitable. Get the hell out of there if you can, gathering essential survival supplies in the event of a lengthy absence. It could be weeks or even months before an area might be cleared for re-entry.

To prevent online vulnerabilities, you can take a few simple steps to reduce your chance of infection:

  • Benchmark testing against the OWASP top 10 vulnerabilities.
  • Prevent false alarms by making sure you are using an AppSec solution that only reports actual application vulnerabilities.
  • Do not use default passwords from manufacturers. Change them the minute you install new hardware or systems.
  • Use complex passwords. Simply having a password that is at least 10 characters long will help harden your security. Even if not prompted, change your password 2-3 times a year.
  • Keep security software up-to-date. Install patches on a regular basis.
  • Restrict network access to trusted hosts and networks.
  • Prevent phishing and other email-borne infections by training employees on current best practices and policies, such as deleting suspicious attachments.
  • Use multi-factor authentication (MFA) if possible.
  • Configure your spam filters for maximum coverage.

2. Termination/Remediation

The best zombie is a dead zombie. While you might be equipped with the most technologically advanced weaponry, a simple garden hoe could suffice in neutralizing the threat. Non-effective termination methods include any trauma to the upper or lower extremities. While a blow to the chest or severing a leg or two might stop or slow a zombie down, these methods remain ineffective in your core objective: complete and utter extermination.

The only known methods for effectively killing a zombie are cranial penetration (especially to the frontal lobe), blunt force trauma to the head (go for full-on pulverization if you can, but stand clear of any eruptive fluids), or decapitation.

To prevent a “cyber zombie” attack, use instrumentation. Unlike legacy static (SAST) and dynamic (DAST) AppSec tools, instrumentation continuously monitors for security issues from within running applications in real time. This enables organizations to instantly find more application security vulnerabilities, and find them more accurately, than traditional legacy tools.

3. Disposal/Mitigation

The disposal of a “dead” zombie should be handled with caution as much as any hazardous material. Use protective masks and gloves, being careful to cover any open wounds as infection can occur through any fluid exchange. If you can, remove the head just as an extra precaution, because you know…zombies.

Do not attempt to incinerate any remains as this may release airborne toxins. Your best option is to use waterproof material such as a tarp or heavy plastic to seal the remains prior to burial. If you have access to duct tape, use it liberally. Be sure to find a safe spot for the grave, away from any water source should seepage of body fluids occur. And dig a hole at least 4 to 6 feet deep to prevent scavenging animals from digging up any remains. While animals have been shown to be immune to Solanum, no one needs to see a half-eaten putrefied farmhand with a hatchet stuck in his sternum.

But don’t let that worry you. If your computer system is breached, you can start with these tactics* to minimize exposure and further compromise:

  • Whether deployed in development, QA, or in a “live” production environment, make sure you have an integrated security solution that allows you to send vulnerability data to tools that you are already using such as bug trackers for fast remediation.
  • If only a few systems are infected, immediately disconnect them (physically) from your internal network to prevent and contain the infection. If this cannot be accomplished in a timely manner or more than a few systems are infected and you have not implemented strong firewall egress filtering and proxy servers, immediately block ALL outbound traffic to external networks.
  • Implement filters on internal routers, firewalls and other networking equipment as appropriate to isolate infected segments and to monitor network traffic to ensure internal containment or identify how this infection is spreading and which hosts are infected.
  • Monitor all network traffic in order to address possible multifaceted attacks.
  • Review appropriate log files to attempt to identify the first system infected and what the attack vector was if possible.
  • It is vital to determine if any of the infected systems successfully connected to any site on the Internet and what information, if any, was exposed.
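To make the last two checklist items concrete, here is an added example (not code from the original post or from Contrast’s tooling) that triages constructed egress-log lines in a hypothetical format: it finds the earliest internal host that reached a destination already confirmed malicious during the investigation, and tallies how many bytes each host actually sent there. The log format, host names and the 203.0.113.9 destination are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample egress (proxy/firewall) log lines, not real data.
# Hypothetical format: timestamp host destination bytes_sent action
SAMPLE_LOG = """\
2019-10-30T08:01:12Z ws-17 mail.example.test 1200 ALLOW
2019-10-30T08:03:45Z ws-17 update.vendor.test 800 ALLOW
2019-10-30T08:05:02Z ws-17 203.0.113.9:4444 51200 ALLOW
2019-10-30T08:20:31Z ws-22 203.0.113.9:4444 2048 ALLOW
2019-10-30T08:21:07Z ws-22 203.0.113.9:4444 98304 ALLOW
malformed line that a real log will contain sooner or later
2019-10-30T09:02:55Z srv-db 203.0.113.9:4444 409600 DENY
"""

def parse_log(text):
    """Parse log lines into dicts; skip malformed lines instead of aborting."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, host, dest, nbytes, action = parts
        try:
            events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                           "host": host, "dest": dest,
                           "bytes": int(nbytes), "action": action})
        except ValueError:
            continue  # bad timestamp or byte count; record it in practice
    return events

def triage(events, bad_dest):
    """Return (first_host, first_seen_iso, exposure) for a destination confirmed
    malicious during the investigation: the earliest host that reached it (a
    candidate first victim) and, per host, bytes actually sent (DENY counts
    as contact but zero bytes exposed)."""
    hits = [e for e in events if e["dest"] == bad_dest]
    if not hits:
        return None, None, {}
    first = min(hits, key=lambda e: e["ts"])
    exposure = defaultdict(int)
    for e in hits:
        exposure[e["host"]] += e["bytes"] if e["action"] == "ALLOW" else 0
    return first["host"], first["ts"].isoformat(), dict(exposure)

def hosts_to_isolate(exposure):
    """Every host that contacted the destination, largest exposure first."""
    return sorted(exposure, key=lambda h: (-exposure[h], h))
```

Calling `triage(parse_log(SAMPLE_LOG), "203.0.113.9:4444")` names ws-17 as the first contact and shows that ws-22, not the first victim, leaked the most data, which is why every host on the list gets isolated rather than only the earliest one.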

Happy Halloween 2019! – No Tricks, All Treats

Treat yourself to Contrast Community Edition (CE), our forever free and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java and .NET Core applications and APIs.

The Contrast CE solution is designed to help small teams building .NET or Java applications and APIs protect against a broad range of security flaws, including the Open Web Application Security Project (OWASP) top 10 vulnerabilities.

Don’t lose your head. Download your free Contrast CE today!

Dena DeAngelo

Dena has over 20 years of Marketing experience in Silicon Valley having worked with a variety of Start-Ups and Fortune 500 companies and clients. She’s well-versed in all things Marketing, including content, branding, sales enablement, and product promotions.
