3

We are a development team working on a new 0-day protection security product. We aim to protect against new unknown 0-day attacks against servers. We have a very strong solution ready to demo.

The question is: how do you demo such a product? If you show that you can protect against known attacks - then you are no better than existing anti-virus solutions. But how do you demonstrate the capabilities against 0-day unknown attacks?

Any ideas would be welcome.

O A
  • How are you currently testing this product? Wouldn't that same avenue be your demo? – logicalscope Jan 11 '12 at 06:43
  • Our beta testers submit their own vulnerable server binary, which we protect on the net, and which they try to attack given that they gave full knowledge and source code of their binary. But obviously, this is not a great setup for demo-ing VC and management types. – O A Jan 11 '12 at 21:02

2 Answers

3

I think that's a marketing problem, not a technical one. 0-day means that no one in authority knows about it. So unless you discover your own 0-day and don't tell anyone ...

The demonstration is how it detects a problem, not the validity of the particular 0-day itself. You could keep a record of tests done against recently released 0-days that have not yet been addressed by vendors or signature-based AV solutions to show how your solution responds.

If you are looking for a canned, repeatable demonstration, you will have to reuse a known attack against a target that does not have protection against it and differentiate yourself in describing how your detection engine works.

schroeder
  • Well, the marketing is rather easy... "We catch 0-day and polymorphic code attacks and protect legacy and custom binaries. Other people don't." But I agree on the canned approach with known attacks. Sigh.. – O A Jan 11 '12 at 21:35
  • You want to tell a story about *how* you catch 0-days. And how you tell that story is the marketing question. It is ok if you use known attacks, if that fits into your story. There are technical limitations that prevent you from telling a different kind of story. – schroeder Jan 11 '12 at 21:41
3

You'll need to show that your product, as it existed at the time that a 0-day first became known (i.e. before you could have possibly designed it to target that particular attack), was able to detect/prevent that 0-day exploit.

If you can show that, for a good sample of 0-days, your product as it was then would have caught them, while your competitors' tools would not, then you'll have a reasonable argument.

If your product is new, so you don't have such earlier versions to demo with, then it'll be trickier. You'll have to persuade customers that your approach is not biased to simply detect "yesterday's attacks" but can really protect against the unknown - which might mean exposing more than you'd like to about your approach.

Misha
  • I agree with the 1st paragraph. But again - this is hardly a "visual" or compelling demonstration :( – O A Jan 11 '12 at 21:28
  • Sure -- "reasonable argument" and "compelling demo" are far from being synonyms. Depends on your audience -- some will be impressed by animated powerpoints, others by a thorough exposition of the approach used. YMMV – Misha Jan 12 '12 at 08:58