A controversial thought: when you really get down to it, application vulnerabilities aren’t a threat to your business. In a world of fairness and honesty, the flaws in the software you use would be harmless.
The problem isn’t the vulnerability. It’s the exploit.
An exploit is the thing we’re really trying to avoid. It’s the threat in its purest terms. When an attacker exploits a vulnerability to install malware, steal data, or simply disrupt critical systems, that’s when the vulnerability damages your business.
Before then, it’s just a point of weakness that could lie dormant for months, or even years on end. A risk, but not a threat.
So, if an exploit is the real threat, what role does an exploit detection system play in fighting application vulnerabilities? Could it be the ultimate answer to the real problem?
What is exploit detection?
Exploit detection is like anti-virus software for exploits. In many cases, it is available as part of an anti-malware and anti-virus software suite (including Malwarebytes Anti-Exploit Premium and the Trend Micro Smart Protection Suites).
Using similar methods to an Intrusion Prevention or Detection System (IPS or IDS), an exploit detection platform analyses traffic in your environment to find indications of an exploit in progress.
Crucially, exploit detection systems can identify known exploit kits (like Neutrino and Blacole) and unknown kits alike, so you get blanket coverage for every potential exploit. Traffic identified as malicious is then filtered out and blocked before it reaches your critical systems.
As a result, you can:
- Achieve a level of protection until a patch is available
- Protect legacy and End-of-Life (EoL) software
- Remove malicious traffic from your network
Sounds good, right? There’s no doubt about it – exploit detection is an impressive answer. But only to a very specific problem.
Patching blocks every exploit at once
Exploit detection can stop an exploit from taking place. But the problem is that exploits aren’t a static list.
While an application remains vulnerable, the number of potential exploits grows exponentially. With every day that passes, attackers will continue to seek out new ways to exploit your point of weakness.
You can focus on exploit detection and fight them off one by one. Or patch the software to eliminate every exploit, now and in the future. Fundamentally, that’s the difference – exploit detection protects you against the exploits you’re facing at this moment.
Is exploit detection the answer to application vulnerabilities? No. It’s an answer to exploits. A stop-gap that’s worth strongly considering. A useful tool to add to your network security arsenal.
It’s another layer in your defence that should work alongside robust patching. Not replace it.