Advanced Evasion Techniques (AET): Could your security solution detect them?

Evasion techniques are a means to disguise and/or modify cyber attacks to avoid detection and blocking by information security systems. Evasions enable advanced and hostile cyber criminals to deliver to a vulnerable system, without detection, any malicious content, exploit or attack that would normally be detected and stopped. Advanced Evasions take this threat to an entirely new level. Missing an evasion means a hacker can use an entire class of exploits to circumvent a security product, rendering it virtually useless.


  1. Advanced Evasion Techniques (AET): Could your security solution detect them?
  2. Stonesoft. Global Company: A global security company, in business since 1990; listed in the Helsinki stock exchange (HEX); corporate HQ in Helsinki, Finland. Customer Focus: Operations in USA, EMEA and Asia; global 24/7 support; customers in more than 70 countries; focus on customers requiring advanced network security and always-on connectivity. Innovation: Integrated network security and business continuity solutions; R&D teams in France, Finland & Poland; multiple patents for core technologies.
  3. It’s OK, we’re protected.
  4. Are you sure? Advanced Evasion Techniques
  5. AETs in action… Vendor 1
  6. Evasion (definition): Evasion techniques are a means to disguise and/or modify cyber attacks to avoid detection and blocking by information security systems. Evasions enable advanced and hostile cyber criminals to deliver to a vulnerable system, without detection, any malicious content, exploit or attack that would normally be detected and stopped. Security systems are rendered ineffective against such evasion techniques (in the same way a stealth fighter can attack without detection by radar and other defensive systems).
  7. Evasion timeline • First papers appeared detailing attacks against or ways to bypass network intrusion detection. 1997-98 • Possibility to combine evasions suggested 2004 • 12 known (traditional) evasion methods • Stonesoft R&D begin research into evasions 2007
  8. Evasion timeline • Stonesoft share findings on new evasion threat 2010 • Stonesoft deliver 23 STACKABLE AETs to CERT • February – Stonesoft deliver 124 new AETs 2011 • October – Stonesoft deliver further 160 new AETs • Approx. 2^300 Advanced Evasion Techniques Today
  9. Why AETs are different. In order to understand what an advanced evasion is we must refer back to the rules surrounding network communications and specifically TCP/IP. Known evasions target specific layers of the TCP/IP protocol stack. This makes them relatively easy to detect and stop. Advanced evasions target multiple layers of the protocol stack and combine multiple evasion methods. They do not conform to the rules, making them virtually impossible to detect. [Figure: The TCP/IP and OSI Models. TCP/IP layers: Application, Host-to-Host, Internet, Network Access. OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical.]
  10. Surely my current IPS/IDS/NGFW can stop them? It is possible to effortlessly evade most market-leading security solutions by using one or more advanced evasion techniques (AETs). NOTE! Tests include all of the highest ranked security devices from the Gartner Magic Quadrant. All products are running the latest versions and updates. StoneGate products were originally vulnerable but now include comprehensive protection against AETs as standard.
  11. AETs - Comment. “Advanced Evasion Techniques can evade many network security systems. We were able to validate Stonesoft’s research and believe that these Advanced Evasion Techniques can result in lost corporate assets with potentially serious consequences for breached organizations.” – Jack Walsh, Program Manager. “If the network security system misses any type of evasion it means a hacker can use an entire class of exploits to circumvent security products, rendering them virtually useless. Advanced Evasion Techniques increase the potential of evasion success against the IPS, which creates a serious concern for today’s networks.” – Rick Moy, President. “Recent research indicates that Advanced Evasion Techniques are real and credible – not to mention growing – a growing threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide. Network security vendors need to devote the research and resources to finding a solution.” – Bob Walder, Research Director
  12. How can I defend against AETs? • Cover the basics (Patch, permissions etc.) • Know your assets (Who, What, When & Where) • Be vigilant (Monitor) • Deploy Advanced Evasion ready network security (Scalable, responsive) • Review (Don’t be complacent)
  13. Summary • AETs are real • AETs are NOT exploits • Most vendors are severely lacking in this area • AETs will not just go away • You CAN defend against AETs
  14. Stand G62, alan.cottom@stonesoft.com, www.stonesoft.com
  15. AETs in action… Vendor 2
  16. YOUR YEAR-ROUND IT RESOURCE – access to everything you’ll need to know
  17. THE WHOLE TECHNOLOGY STACK from start to finish
  18. COMMENT & ANALYSIS: Insights, interviews and the latest thinking on technology solutions
  19. VIDEO: Your source of live information – all the presentations from our live events
  20. TECHNOLOGY LIBRARY: Over 3,000 whitepapers, case studies, product overviews and press releases from all the leading IT vendors
  21. EVENTS, WEBINARS & PRESENTATIONS: Missed the event? Download the presentations that interest you. Catch up with convenient webinars. Plan your next visit.
  22. Directory: A comprehensive A-Z listing providing in-depth company overviews
  23. ALL FREE TO ACCESS 24/7
  24. online.ipexpo.co.uk
