I am going to step out of the naming convention debate, but I did want to post on a technology area that can assist an organization in identifying suspicious behavior that may be indicative of an unknown exploit taking advantage of an unknown vulnerability.
Network behavior analysis (NBA), formerly called network behavior anomaly detection (NBAD), provides network-wide visibility by collecting NetFlow and, usually, native packet capture as well. That visibility can be used to detect behaviors that other detection methods, such as intrusion prevention systems, may miss (NBA is NOT IPS): worm propagation, unauthorized protocols and other suspicious behavior. Steinnon has a nice write-up (here) and (here).
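To make the three behaviors named above concrete, here is an added example (not code from the original post or from any NBA product) that runs a few behavioral checks over constructed NetFlow-style records: fan-out to many destinations on one port (worm-like scanning), flows to services outside an allow list (unauthorized protocols), and outbound volume far above a host's own history. The flows, the per-host baseline and the allow list are all constructed for the example; a real deployment learns the baseline from weeks of collected flow.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record: who talked to whom, over what, and how much."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    nbytes: int


# Constructed sample flows for one collection interval (not captured traffic).
SAMPLE_FLOWS = (
    # 10.0.0.7: ordinary HTTPS browsing plus a DNS lookup
    [Flow("10.0.0.7", "93.184.216.34", "tcp", 443, 18_000),
     Flow("10.0.0.7", "151.101.1.69", "tcp", 443, 22_000),
     Flow("10.0.0.7", "10.0.0.53", "udp", 53, 300)]
    # 10.0.0.5: one tiny SMB flow to forty neighbours, worm-like fan-out
    + [Flow("10.0.0.5", f"10.0.1.{i}", "tcp", 445, 120) for i in range(1, 41)]
    # 10.0.0.9: IRC to an external host, a service not on the allow list
    + [Flow("10.0.0.9", "203.0.113.10", "tcp", 6667, 4_000)]
    # 10.0.0.11: a single very large outbound upload, far above its history
    + [Flow("10.0.0.11", "198.51.100.20", "tcp", 443, 850_000_000)]
)

# Constructed per-host history of outbound bytes per interval from earlier
# windows; an NBA product would learn this from weeks of collected flow.
SAMPLE_BASELINE = {
    "10.0.0.7":  [35_000, 41_000, 38_000, 52_000, 44_000],
    "10.0.0.5":  [10_000, 12_000, 9_000, 11_000, 13_000],
    "10.0.0.9":  [3_000, 5_000, 4_000, 4_500, 3_500],
    "10.0.0.11": [60_000, 72_000, 65_000, 80_000, 70_000],
}

# Security context: the (proto, dport) pairs this segment is allowed to use.
ALLOWED_SERVICES = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 445)}


def fan_out_scanners(flows, threshold=20):
    """Hosts reaching at least `threshold` distinct destinations on one port.

    Returns [(src, proto, dport, distinct_dsts)]. Scanning worms look like
    this; tune the threshold so DNS, monitoring and backup servers stay quiet.
    """
    peers = defaultdict(set)
    for f in flows:
        peers[(f.src, f.proto, f.dport)].add(f.dst)
    return sorted((src, proto, dport, len(dsts))
                  for (src, proto, dport), dsts in peers.items()
                  if len(dsts) >= threshold)


def unauthorized_services(flows, allowed=ALLOWED_SERVICES):
    """Flows to a (proto, dport) outside the allow list, e.g. IRC or P2P."""
    return sorted({(f.src, f.dst, f.proto, f.dport)
                   for f in flows if (f.proto, f.dport) not in allowed})


def volume_outliers(flows, baseline=SAMPLE_BASELINE, k=3.0):
    """Hosts whose outbound bytes this interval exceed mean + k*stdev of history.

    Returns {src: (observed_bytes, threshold_bytes)}. Hosts with no history are
    skipped here; a real deployment would report them as unbaselined instead.
    """
    sent = defaultdict(int)
    for f in flows:
        sent[f.src] += f.nbytes
    flagged = {}
    for src, observed in sent.items():
        history = baseline.get(src)
        if not history:
            continue
        limit = mean(history) + k * pstdev(history)
        if observed > limit:
            flagged[src] = (observed, limit)
    return flagged


def analyze(flows, baseline=SAMPLE_BASELINE, allowed=ALLOWED_SERVICES):
    """Run all three behavioral checks and return the findings for an analyst."""
    return {
        "fan_out": fan_out_scanners(flows),
        "unauthorized": unauthorized_services(flows, allowed),
        "volume": volume_outliers(flows, baseline),
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_FLOWS).items():
        print(kind, hits)
```

Note what each check does and does not catch: the scanning host sends almost no bytes, so the volume check stays silent on it and only the fan-out check fires, while the upload host talks to a single peer on an allowed port and is caught only by comparison to its own baseline. That is the point of NBA: the records are plain flow summaries with no signature match, the findings are reports for an analyst to act on, and nothing here blocks traffic.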
In the right hands, NBA tools can help identify zero-day attacks early enough for an organization to limit their impact, which is about all you can do against attacks of this type. They are obviously not a silver bullet, and they are not anti-zero-day tools, but the level of network visibility and analysis they provide, coupled with security context, can certainly raise the bar on how quickly an organization responds to such threats. Again, the goal of security is not to prevent all bad things from occurring; that is an unachievable goal. The goal is to limit the probability of a successful incident and, when one does occur (which it will), to limit its impact on the environment.
“And that’s all I have to say about that.”