In the network security world, threats can be known—or unknown. Among the unknown kind are zero-day threats: ones that have already been used in a real attack but have yet to be publicly disclosed by the software vendor. In the time between the threat’s discovery (“day zero”) and its disclosure, enterprises are completely in the dark about the risks they might be facing.
While security vendors have been discussing zero-day threats a lot as of late, many use “zero day” as a blanket term to describe any type of threat that has not yet been disclosed but is being used by malicious operators. Painting in such broad strokes, however, leaves enterprises vulnerable.