How to deal with 0-day vulnerabilities in advance when competing with hackers

Source: Internet
Author: User

Attackers armed with zero-day vulnerabilities and working exploit code have become the biggest threat to enterprise network security today. To minimize the impact of zero-day vulnerabilities, many vendors have begun to study protection mechanisms against zero-day exploitation in operating systems.
Current operating system design already takes a hierarchical protection mechanism into account. In Windows, for example, the kernel runs at level zero (Ring 0) and the outermost user level is level three (Ring 3). This privilege separation reduces the chance that a fault in one component damages the whole system, improves the stability of the operating system, and to a certain extent guarantees its security.
Applications run at the least trusted level, Ring 3 (user mode), while operating system code runs at the most trusted level, Ring 0 (kernel mode). The operating system allocates resources at the different levels, and access between levels is controlled. For example, a Windows user-mode program can only reach system resources through the APIs that Windows provides. With this mechanism, any user program that wants to access system resources must be allowed to do so by the operating system.
Microsoft and many other security vendors have invested a lot of time and effort in developing enhanced security measures to improve operating system security. Most of them focus on the kernel (Ring 0), that is, on monitoring user-mode applications' requests for system resources: for example, preventing write operations on key structures in memory, or analyzing application behavior to ensure that a word processing program does not suddenly send sensitive data out.
At the same time, many host-based security products can protect users' applications from attacks that exploit security vulnerabilities. For example, marking heap and stack memory as non-executable, or randomizing the addresses returned by memory allocation, increases the difficulty of exploiting a vulnerability and can even make a buffer overflow vulnerability unexploitable.
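Non-executable heap and stack only help if no mapping in the process is left both writable and executable, so one practical check a defender can run is an audit of a process memory map. The following Python script is an added example, not code from the original article: it parses Linux `/proc/<pid>/maps`-style lines (the sample lines embedded below are constructed for this example) and reports mappings that violate W^X, and whether the `[stack]` region is executable.

```python
"""Audit a Linux memory map for regions that are both writable and executable.

Added example: the maps lines in SAMPLE_MAPS are constructed, not taken from
a real process; the rwxp anonymous region stands in for something like a JIT
buffer or a region an attacker would want in order to run injected code.
"""
import re
from dataclasses import dataclass

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str

    @property
    def writable(self) -> bool:
        return "w" in self.perms

    @property
    def executable(self) -> bool:
        return "x" in self.perms


def parse_maps(text: str) -> list:
    """Parse maps text into Mapping objects, skipping blank or malformed lines."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        mappings.append(
            Mapping(int(m["start"], 16), int(m["end"], 16), m["perms"], m["path"].strip())
        )
    return mappings


def find_wx_violations(mappings: list) -> list:
    """Return every mapping that is writable and executable at the same time."""
    return [mp for mp in mappings if mp.writable and mp.executable]


def stack_is_executable(mappings: list) -> bool:
    """True if the [stack] region carries the execute bit."""
    return any(mp.path == "[stack]" and mp.executable for mp in mappings)


# Constructed sample: an editor binary with its text and data segments, a heap,
# one anonymous W+X region, and a non-executable stack.
SAMPLE_MAPS = """\
55d5f3a00000-55d5f3a01000 r-xp 00000000 08:01 1234 /usr/bin/editor
55d5f3c01000-55d5f3c02000 rw-p 00001000 08:01 1234 /usr/bin/editor
55d5f4e00000-55d5f4e21000 rw-p 00000000 00:00 0 [heap]
7f2a1c000000-7f2a1c021000 rwxp 00000000 00:00 0
7ffd2b3f0000-7ffd2b411000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    maps = parse_maps(SAMPLE_MAPS)
    for mp in find_wx_violations(maps):
        print(f"W^X violation: {mp.start:x}-{mp.end:x} {mp.perms} {mp.path or '(anonymous)'}")
    print("stack executable:", stack_is_executable(maps))
```

To audit a live process, replace `SAMPLE_MAPS` with the contents of `/proc/<pid>/maps`; the parser and checks are unchanged.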
Another host-based protection measure, usually called behavior analysis, intercepts and analyzes the system call requests issued by applications. An improvement on this approach loads the application into a virtual machine so that each instruction, rather than only each system call, can be inspected and analyzed before it executes; this method is more thorough.
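To make the behavior-analysis idea concrete (and the earlier example of a word processor that must not suddenly send data out), here is a small policy check over system call traces. It is an added example, not code from the original article: it parses constructed strace-style lines and applies a per-program policy in which a word processor may use file and memory calls but any network-related call raises an alert. The program names, PIDs and trace lines are all constructed for the example.

```python
"""Minimal behavior-analysis check over constructed system call traces.

Added example. TRACE is written in strace's output format but was constructed
by hand; PID_TO_PROGRAM and POLICY are hypothetical and stand in for the
process inventory and per-application rules a real product would maintain.
"""
import re

# strace-style line: "<pid> <call>(<args>) = <ret>"
TRACE_LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)")

NETWORK_CALLS = {"socket", "connect", "sendto", "sendmsg"}

# Per-program deny lists. A program not in the table gets the strict default
# (no network), so an unknown process cannot slip past the policy.
POLICY = {
    "wordproc": {"deny": NETWORK_CALLS},
    "browser": {"deny": set()},
}
DEFAULT_POLICY = {"deny": NETWORK_CALLS}


def parse_trace(text: str) -> list:
    """Parse trace lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = TRACE_LINE.match(line.strip())
        if m:
            events.append(
                {"pid": int(m["pid"]), "call": m["call"], "args": m["args"], "ret": m["ret"]}
            )
    return events


def evaluate(events: list, pid_to_program: dict) -> list:
    """Return (pid, program, call, args) for every call the program's policy denies."""
    alerts = []
    for ev in events:
        program = pid_to_program.get(ev["pid"], "unknown")
        denied = POLICY.get(program, DEFAULT_POLICY)["deny"]
        if ev["call"] in denied:
            alerts.append((ev["pid"], program, ev["call"], ev["args"]))
    return alerts


# Constructed trace: PID 4242 (word processor) reads a document and then opens
# an outbound TCP connection; PID 5151 (browser) opens a socket, which is normal.
TRACE = """\
4242 openat(AT_FDCWD, "report.docx", O_RDONLY) = 3
4242 read(3, "PK\\3\\4"..., 4096) = 4096
4242 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
4242 connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
4242 sendto(4, "..."..., 512, 0, NULL, 0) = 512
5151 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
"""

PID_TO_PROGRAM = {4242: "wordproc", 5151: "browser"}  # hypothetical inventory

if __name__ == "__main__":
    for pid, program, call, args in evaluate(parse_trace(TRACE), PID_TO_PROGRAM):
        print(f"ALERT pid={pid} program={program} call={call}({args})")
```

The check is deliberately simple: a real behavior monitor would also track state across calls (a socket created, then written to after a sensitive file was read) rather than judging each call in isolation, but the structure of parsing, attributing to a program and matching against a policy is the same.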
Although host-based protection mechanisms are difficult to configure and use in enterprise networks, this approach is currently the best way to deal with zero-day attacks. Enterprise networks that use it still face security risks, because these products only defend against zero-day vulnerabilities in user mode, not in kernel mode. Highly skilled attackers can still intrude into enterprise networks by exploiting vulnerabilities in the operating system kernel.
Any security product that claims to protect applications against zero-day vulnerabilities must extend its protection measures down to the kernel level of the operating system.
Currently, no security product on the market can guarantee that the operating system will not be attacked through security vulnerabilities. With the maturity of virtual machine technology and advances in hardware, the next generation of security technology can be placed in the virtual machine layer: a trusted virtual machine monitor is created, which improves the visibility available to security monitoring. The security protection module is developed in that virtual machine layer and protects one or more servers from vulnerability attacks while they run together. Once a virtual machine is used, the security software works below the operating system and can thoroughly detect operating system vulnerabilities.
Such a solution can provide better protection than current security products. No security software needs to be installed in the operating system the server runs, as long as that operating system runs under a virtual machine monitor that carries a security protection module. This method not only protects enterprise servers but can also be used by ordinary users.
