What is a Mainframe Zero-Day Vulnerability and How to Protect Against It

Heidi Losee

October 23, 2019

Let’s start with the basics: What exactly is a mainframe zero-day vulnerability? Simply put, a zero-day vulnerability is a software security flaw that may or may not be known to the software vendor and for which a patch has not been issued.

These vulnerabilities can crop up inadvertently for any number of reasons. Perhaps a vendor released new software, or a software update, that unknowingly has a new vulnerability in it.

Regardless of where they come from, zero-day vulnerabilities present a serious risk to the entire IT environment. In this blog, we’ll talk about those risks, and how organizations can guard against them.

What happens when zero-day vulnerabilities are exploited?

There are a few reasons why zero-day vulnerabilities are a serious risk. Once exploited, they may result in the compromise of an entire system. They’re particularly dangerous because, by definition, no patch has been issued that would allow a quick resolution to the security flaw.

Sometimes, organizations and vendors don’t even know that the vulnerability exists until after it’s been exploited – until after their IT environment has been compromised. Zero-day exploits can also occur between the time that the vulnerability is discovered and the time a patch is released. That means that there’s often a time period where the vulnerability has been discovered by an organization, but there isn’t any way to guard against it yet, giving cybercriminals a dangerous opportunity for attacks.

The role of vulnerability scanning

It’s incredibly important to protect against zero-day vulnerabilities, but they’re understandably tricky to guard against. How can we protect against vulnerabilities when we don’t even know that they exist?

That’s why vulnerability scanning is so important. Mainframe vulnerability scanning is the act of scanning code to look for zero-day vulnerabilities, with the goal of identifying, ranking, and reporting new vulnerabilities to the appropriate vendors. Without automated vulnerability scanning, organizations aren’t able to discover the unknown vulnerabilities that are threatening the security of their environment. Scanning needs to be a routine part of patch management and security processes to keep up with the ever-changing vulnerability landscape, and it’s important to scan every time there are changes to the environment.

Manually scanning for vulnerabilities is both impractical and expensive, so many organizations partner with third-party vendors to use mainframe vulnerability scanning tools. KRI’s z/Assure® VAP differs from other vulnerability scanning tools because it actually tests and monitors running code for zero-day vulnerabilities – enabling the discovery of details that other tools can’t pick up.

Beyond discovering and identifying zero-day vulnerabilities, it’s also essential that organizations install patches for these vulnerabilities as they become available from vendors. Patches are released to protect against vulnerabilities once they are found. Installing them quickly reduces the risk of an attack, helping organizations stay secure.