To a security administrator, the phrase "zero-day attack" raises an important question: Is the network in question prepared to counter any threat? Unfortunately, in many instances, the answer is no, simply because many security products and solutions are not equipped to deal with an unidentified attack.
Exploit Prevention Labs (XPL) aims to provide that final line of defense against zero-day attacks with SocketShield, a software security product that monitors all incoming and outgoing IP traffic.
SocketShield uses a new approach to combating exploits and overcomes the usual problems associated with other technologies. Firewalls, for example, tend to be blind to many security threats because exploits often use trusted browser connections. Also, many antivirus and antispyware programs on the market detect exploits after the damage has been done, usually because their signature databases are updated after a zero-day attack.
SocketShield overcomes these obstacles by integrating several different technologies to protect a network system. Initially, XPL's product is tied into a network of automated probes that detect the latest exploits and help to build an exploit repository. Then, the product uses a "site-reputation filter," which compares sites visited with a scored list of rated sites. This feature prevents users from visiting phishing sites.
All of the human and automated exploit information that is gathered into reports comes together in real time, thanks to XPL's Correlation Engine. Every user of SocketShield is automatically tied into the community intelligence network, bringing the power of thousands of exploit scanners together to beat threats.