Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.
Rarely a month goes by without the infosec industry being plagued by a new zero-day apocalypse.
Most recently, in December 2021, the world was swept by a series of vulnerabilities in Log4j, a popular logging library used by thousands of systems around the world. While writing this article, the industry is dealing with yet another path-traversal vulnerability, this time in CentOS Web Panel (CVE-2021-45467), and online play of the popular video game Dark Souls has been halted while its developers deal with a remote code execution vulnerability in the game.
However, by giving zero days a disproportionate amount of attention, we lose sight of the fact that most organizations aren’t being breached via a zero day.
Microsoft, Google, Apple and others frequently release fixes for vulnerabilities “under active attack.” Vulnerabilities in Log4j, or the myriad network device flaws discovered in the last three years in products from F5, Citrix, Palo Alto and SonicWall, consume news cycles because the affected systems are used in large corporate infrastructure. This means compromise of