Anti evasion and evader - klaus majewski



  1. Contents: Summary – the Evader story; AETs – what are they?; AETs – what the experts say; Current security devices fail on AETs; The risk from AETs; Evader – what is it?; Evader – who is it for?; Evader – how does it work?; What if you are not AET-ready?; AET-ready solutions
  2. The Evader story. Stonesoft has been researching advanced evasions since 2007. In the early days, Stonesoft found that all security products, including Stonesoft’s own, failed to detect AET-borne cyber attacks. Stonesoft created anti-evasion technology, including full-stack, multilayer normalization and stream-based data inspection and detection, to protect organizations from AETs. Stonesoft has been regularly reporting AETs to CERT since 2010. Stonesoft’s lab tests about two million evasion combinations every day. Published tests and competitor products claim 100% protection but only test for exploit fingerprints, and AET detection cannot simply be patched in by a software update. Stonesoft holds regular open tests (e.g. at Black Hat) to demonstrate the failure of well-known vendors’ products to defend against AETs. But vendors and published appliance tests still claim 100% threat protection! Now Evader, the ready-made evasion test lab, is available for free. All organizations can use Evader to conclusively test their own security against AETs under real-world conditions and find out the truth.
  3. What are AETs and why do they exist? Advanced Evasion Techniques.
  4. Advanced Evasion Techniques (AETs). What are they? Any hacking technique or method used to implement network-based attacks in order to evade and bypass security detection. What makes them advanced? Combinations of evasions working simultaneously on multiple protocol layers; combinations of evasions that can change during the attack; carefully designed to evade inspection.
  5. Five facts we know about the AET threat. Should we do something? 1) Increasing threat research, testing and understanding by the security community. 2) Used by nation states and advanced cyber criminals in targeted and persistent cyber attacks. 3) Enables the recycling of any exploit (known or unknown). 4) The majority of current security devices are incapable of detecting and stopping AETs. 5) They leave no trace. This creates the illusion of security.
  6. For the record. “Advanced Evasion Techniques can evade many network security systems. We were able to validate Stonesoft’s research and believe that these Advanced Evasion Techniques can result in lost corporate assets with potentially serious consequences for breached organizations.” – Jack Walsh, Program Manager. “If the network security system misses any type of evasion it means a hacker can use an entire class of exploits to circumvent security products, rendering them virtually useless. Advanced Evasion Techniques increase the potential of evasion success against the IPS, which creates a serious concern for today’s networks.” – Rick Moy, President. “Recent research indicates that Advanced Evasion Techniques are a real and credible – not to mention growing – threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide. Network security vendors need to devote the research and resources to finding a solution.” – Bob Walder, Research Director. “We believe AETs pose a serious threat to network security and have already seen evidence of hackers using them in the wild. It is also very promising to see that Stonesoft is taking the threat posed by evasions seriously as they have been overlooked by many in the past.” – Andrew Blyth, Professor, Glamorgan University. Meanwhile, other network security vendors have kept radio silence!
  7. Vertical inspection of the data traffic: a packet, segment or pseudo-packet based inspection process with a maximum inspection space per layer. Layers: 3) application protocol layers (streams); 2) TCP level (segments, pseudo packets); 1) IP level (packets). Stages: 1) Limited protocol decoding and inspection capability, to gain speed. 2) Partial or no evasion removal: the majority of the traffic is left without evasion removal and is inspected with only limited context information available. 3) Detect and block exploits: exploit detection is unreliable or impossible when evasions are not removed on all layers.
  8. Horizontal inspection: a data-stream based, full-stack normalization and inspection process with a continuous inspection space across the application protocol level (streams), the TCP level (segments, pseudo packets) and the IP level (packets). Stages: 1) Normalize traffic on all protocol layers as a continuous process. 2) The advanced evasion removal process makes the traffic evasion-free and exploits detectable. 3) Detect exploits from the fully evasion-free data stream. 4) Alert and report on all evasion attacks through the management system.
  9. There is a difference! Stonesoft vs. other vendors.
  10. Consider the risk. 1) Vulnerability to AETs makes you an easy target for sophisticated hackers. 2) The cost of being hacked is always higher than the cost of protection (the business case). 3) The cost of a network breach can include loss of brand value, reputation and business relationships, as well as financial loss. 4) You can be totally unaware of successful AET-borne attacks. 5) And, sorry to say this, but as we speak you are probably vulnerable.* (*Current NGFW/IPS/IDS technologies are ineffective against Advanced Evasion Techniques because of a fundamental design flaw.)
  11. “There are two types of CISO, those that have been attacked, and those who don’t know they’ve been attacked.”
  12. How do you know if you are protected from AETs? Test with Evader.
  13. Launch controlled AET attacks at your own defenses. The world’s first downloadable software-based AET testing environment. Not a hacking tool or penetration test: Evader tests whether a known exploit can be delivered using AETs through your current security devices to a target host. Designed to test NGFW, IPS and UTM network security appliances from McAfee, SourceFire, Checkpoint, HP/Tipping Point, Cisco, Palo Alto Networks, Juniper, Fortinet, Stonesoft and many more. Free to download, easy to run, and even a little fun to use!
  14. Evader benefits security specialists and C-level. Information security professionals: discover the real-world truth behind device capabilities. CIOs: re-assess risk strategy and consider network resilience as a component of the corporate and operational risk profile. CEOs and COOs: take into account the effects of security breaches on brand, reputation and business relationships, as well as profits. Researchers, academics, commentators and competitors: help save businesses from devastating AET attacks. And hackers can learn that the security industry has the tools to fight back against the most advanced threats.
  15. Evader – for all organizations that are potential targets for cyberattacks: governments and defense, SCADA and ICS networks, transport and logistics, finance and banking, telecoms and media, and all organizations with digital assets.
  16. 16. When to test with Evader
  17. ATTACK SUCCEEDED: OPEN SHELL. What next if you are not protected?
  18. Let’s end the industry’s illusion of security. Ask your vendor why you are not safe from AETs. Ask your vendor when they will be AET-ready. While-U-wait: get protected NOW with the Stonesoft EPS. Stonesoft’s own tests with other vendors’ current NGFW, IPS and UTM devices, following full-device configuration, have had very poor results. Unfortunately you can expect the same.
  19. The Stonesoft EPS as an “Infrastructure Patch”.
  20. All Stonesoft solutions detect and prevent AET cyber attacks. Stonesoft Security Engine: fully integrated, adaptive, highly manageable, world-leading network security; respond to business and environment changes without taking CAPEX or OPEX hits. Transformable to any next-generation security product without license changes. Flexible and fully featured: choose from SMB to military-grade protection. Free future updates, upgrades and performance improvements. Full AET protection. Stonesoft IPS: high-performance Next Gen IPS, upgradable to the full Security Engine via license upgrade. Free updates. Full AET protection. Stonesoft EPS: cost-effective AET “infrastructure patch”, upgradable to the full Security Engine or Next Gen IPS via license upgrades. Free updates. Full AET protection.
  21. 21. A Stonesoft
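The contrast between slide 7 (per-segment, "vertical" inspection) and slide 8 (reassembled and normalized, "horizontal" inspection), and the multi-layer evasion combination of slide 4, as an added Python illustration that is not part of the original deck and not Stonesoft's or Evader's code; the signature, the TCP segments and the HTTP request are all constructed for the example.

```python
"""Per-segment vs stream-based inspection on constructed data (added example)."""
from urllib.parse import unquote_to_bytes

# Constructed pattern the inspection engine is looking for in the HTTP stream.
SIGNATURE = b"badpattern"

# Constructed TCP segments of one connection as (sequence number, payload).
# The pattern is split across segment boundaries (TCP layer), one of its bytes
# is percent-encoded (HTTP layer), segments arrive out of order, and one is an
# overlapping retransmission: several evasions on several layers at once.
SEGMENTS = [
    (19, b"attern HTTP/1.0\r\n\r\n"),
    (0, b"GET /index?q=ba"),
    (15, b"d%70"),
    (13, b"bad"),  # retransmits bytes 13..15, consistent with the data above
]


def reassemble(segments):
    """Rebuild the contiguous byte stream from out-of-order, overlapping segments.
    Overlaps must agree and there must be no gaps; ambiguity is reported, not guessed."""
    seen = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            off = seq + i
            if seen.get(off, byte) != byte:
                raise ValueError(f"inconsistent overlap at offset {off}")
            seen[off] = byte
    out = bytearray()
    for off in range(len(seen)):
        if off not in seen:
            raise ValueError(f"gap in stream at offset {off}")
        out.append(seen[off])
    return bytes(out)


def per_segment_inspection(segments, signature=SIGNATURE):
    """Slide 7 model: each segment is decoded and matched alone, with no context."""
    return any(signature in unquote_to_bytes(p) for _, p in segments)


def stream_inspection(segments, signature=SIGNATURE):
    """Slide 8 model: normalize the TCP layer (reassembly) and the HTTP layer
    (percent-decoding) first, then match against the evasion-free stream."""
    return signature in unquote_to_bytes(reassemble(segments))
```

With the constructed segments, `per_segment_inspection` misses the pattern while `stream_inspection` finds it; an inconsistent overlap or a gap raises instead of silently choosing one interpretation.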