Blocking Zero Day Attacks Tutorial Guide
If a new virus or other malware is released into the wild, vendors need to produce a patch for it. In the time it takes a vendor to learn of the malicious code, create a patch and release it to end users, the damage may already have been done. Hardware firewalls now have zero day protection features in place to stop and minimise such unknown threats.
Zero day protection was introduced to overcome this problem. It works by inspecting traffic for abnormal content and abnormal behaviour, and dropping traffic that exhibits either.
Application layer proxies are one strategy for protecting networks against zero day attacks. They are designed to allow known-good traffic and block everything else, and they can recognise zero day threats because most of these threats take place at the application layer.
Zero day protection, then, is the ability to block such a threat by spotting common abnormalities and suspicious-looking traffic, even though the exact mechanism of the attack is not known.
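As an added illustration of the allow-list approach described above (example code, not from the original guide): a minimal inspector modelling how an application-layer proxy admits only requests that match explicit rules for method, path, header shape and body length, and drops everything else, including the kinds of abnormal content the text mentions. The permitted methods and content types, the size limits, the sample requests and the host example.test are all assumptions constructed for this example.

```python
import re

# Positive-security model: only requests matching every explicit rule are forwarded.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_CONTENT_TYPES = {"application/x-www-form-urlencoded", "application/json"}
MAX_PATH_LEN, MAX_HEADERS, MAX_HEADER_VALUE_LEN = 256, 20, 1024  # assumed limits
PATH_RE = re.compile(r"^/[A-Za-z0-9._~/\-]*(\?[A-Za-z0-9._~=&%\-]*)?$")
HEADER_VALUE_RE = re.compile(r"^[\x20-\x7e]*$")  # printable ASCII only

def inspect_request(raw: bytes) -> tuple[bool, str]:
    # Returns (allowed, reason); the reason names the first rule the request failed.
    if not raw.isascii():
        return False, "non-ASCII bytes in request"
    head, _, body = raw.decode("ascii").partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "malformed request line"
    method, path, _ = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    if len(path) > MAX_PATH_LEN or not PATH_RE.match(path):
        return False, "path fails allow-list pattern"
    if len(lines) - 1 > MAX_HEADERS:
        return False, "too many headers"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.replace("-", "").isalnum():
            return False, "malformed header"
        if len(value.strip()) > MAX_HEADER_VALUE_LEN or not HEADER_VALUE_RE.match(value):
            return False, f"abnormal value in header {name}"
        headers[name.lower()] = value.strip()
    if method == "POST":  # a body is only accepted with a known type and exact length
        ctype = headers.get("content-type", "").split(";")[0].strip()
        if ctype not in ALLOWED_CONTENT_TYPES:
            return False, "content type not permitted"
        length = headers.get("content-length", "")
        if not length.isdigit() or int(length) != len(body):
            return False, "content length does not match body"
    return True, "ok"

# Constructed sample requests (not captured traffic); example.test is a placeholder host.
SAMPLES = {
    "normal_get": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "normal_post": b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Type: application/json\r\nContent-Length: 2\r\n\r\n{}",
    "odd_method": b"TRACE / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "oversized_header": b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Data: " + b"A" * 2000 + b"\r\n\r\n",
    "binary_in_path": b"GET /\xff\xfe HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "length_mismatch": b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Type: application/json\r\nContent-Length: 99\r\n\r\n{}",
}
```

Running `inspect_request` over each entry in SAMPLES shows the two well-formed requests admitted and the other four dropped, each with the rule it broke, without any signature for a specific attack.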
For further reading, there are some excellent ebooks available for download from eBooks.com.