Mar 25

According to Frost and Sullivan, global spending on intrusion detection and prevention technologies in 2010 exceeded $1.5 billion USD. At the same time, organizations are growing increasingly concerned by attack sophistication, such as Stuxnet, APTs, and the recent incidents involving RSA and Comodo. Yet, what if the first factor was rendered completely ineffective, and the second increased in its success? If all that money goes down the drain due to ineffective technologies, and sophistication is increasing, what do we do next?

Last October, Stonesoft made friends and enemies alike with its announcement regarding research in advanced evasion techniques and their disclosure to CERT-FI for vulnerability coordination. The subsequent announcement at RSA that an additional 124 techniques had been disclosed on top of the original 23 was met with even more resounding silence.

What’s interesting is that all of the discussion focuses on irrelevant sidebars. Bob Walder of Gartner and NSS Labs have discounted the threat of AETs as “yesterday’s news”; after all, evasions aren’t new, so what’s the big deal? And granted, Bob does know a thing or two about evasions; as one of the founders of NSS Labs, he’s a pretty sharp guy and created a few evasions of his own back in the day. The second sidebar centers around the likelihood of AETs being seen in the wild. No one has heard of or seen them being used, so clearly they must not exist.

Yet I would say that these are distractions from the real issue: old or new, in use or not, the bottom line is: advanced evasion techniques work. They work against just about every IPS technology on the market and in your network today. They enable the delivery of any exploit to vulnerable systems at any time, without detection or notice. But don’t take our word for it. Contact us and we’ll be happy to demonstrate for you. Read the validation of third-party testing. Or even better, test it yourself. We’ve now made the first AET samples, originally provided to CERT-FI last year, available at www.antievasion.com.

Does it matter how old it is? No, unlike a fine wine, AETs don’t get better or worse with age. They simply are. They work.

And in most cases, they work well. Against any IPS technology, next generation firewall, content scanning system, or Web application firewall. Why? Because vendors have typically focused on providing you, the customer, with what you ask for rather than what you need. They design systems that favor performance shortcuts vs. real security. They’d rather invest in nice marketing materials than in an effective normalization engine that still maintains decent throughput.

Wouldn’t you rather have a vendor interested in making a better, more effective security technology for today’s threats? One that is more manageable, scalable, and simplified than what you’re doing now? Again, don’t take our word for it. Try it yourself. Learn why Stonesoft’s security solutions are:

Network Security. Simplified.

written by markb - 848 views

Feb 03

Jack Walsh, ICSA Labs Talks Advanced Evasion Techniques at RSA

IPS

Interested in speaking with ICSA Labs at RSA? Jack Walsh, noted security expert and ICSA Labs Network IPS Program Manager, will be talking all things IPS and AETs at booth 2533. StoneBlog readers interested in speaking with Mr. Walsh about the next generation of network security threats can schedule a one-on-one meeting here.

In addition to his research and testing on IPS technologies, Mr. Walsh was one of the first industry experts to validate the threat of AETs to global networks.  He’ll be available to discuss your AET, IPS and network security questions on Tuesday, February 15 from 3:00-4:00 and Thursday, February 17 from 11:30-12:30.

Sign up now!

written by heather.pritchett - 1,108 views

Jan 17

NSS Labs’ Network IPS Group Test Results

IPS, Security News

NSS Labs recently released the results of its latest Network IPS Group Test, which was also covered by Jeremy Kirk at IDG News Service here. The results were interesting to say the least. Here are a few high level observations:

StoneGate IPS performance. Like a majority of the appliances tested, StoneGate received a Neutral rating indicating that the devices performed reasonably well and should be considered in the purchasing process. However, there were several areas where StoneGate IPS tested exceedingly well, including:

  • Excellent in value purchase and TCO. Stonesoft’s StoneGate IPS-1205 and IPS-3205 appliances were rated excellent in value purchase. In the sub-gigabit category, the StoneGate IPS-1205 provided the best price per Mbps-protected. In the high-end appliance category, the StoneGate IPS-3205 had the second lowest three-year TCO.
  • Ease of use. “Stonesoft’s Management Center builds on its firewall management and is extremely intuitive and easy to use. Deploying Stonesoft’s pre-defined policies is simple and efficient. It took almost no time to setup, configure and tune.”
  • 100 percent protection against evasions. The StoneGate IPS-1205 and IPS-3205 successfully handled 100 percent of NSS Labs’ traditional evasion attempts without error, including HTML evasions. However, it’s important to note that Advanced Evasion Techniques (AETs) were not included in this test, so the 100 percent coverage is for basic evasions only and will not provide protection against AETs.

According to NSS Labs:

    “If an attacker can avoid detection by fragmenting IP Packets or segmenting TCP streams, an IPS will be completely blind to ALL attacks”.

This concept has been at the heart of our AET research, and is why we are expecting NSS Labs to raise the bar in 2011 by incorporating AET tools into their testing suite.

written by TimoT - 1,982 views

Oct 20

Advanced Evasion Techniques

IPS, Security News

Yesterday we publicly announced the discovery of new, advanced evasion techniques (AET) that can pose a serious threat to existing network security systems worldwide. The details of the discovery have been shared with CERT-FI in Finland for vulnerability coordination purposes and validated by ICSA Labs.

This discovery by Stonesoft vulnerability experts is not a new exploit or vulnerability, but a new method of delivering new and existing exploits (such as Stuxnet or Zeus) by bypassing today’s network security systems. Evasions enable advanced and hostile cyber criminals to deliver any malicious content, exploit or attack to a vulnerable system, without detection. Most evasion techniques to date have stayed within the confines of established rules for network traffic. Security systems can be rendered ineffective against evasion techniques, in the same way a stealth fighter can attack without detection by radar and other defensive systems. While evasions are nothing new, with research dating back to the late 1990s at least, AETs extend the research dramatically, adding new techniques and dramatically increasing the successful combinations possible.

AETs, a new species of evasion techniques, can be altered or combined in any order to avoid detection by security systems. AETs are, by their nature, dynamic, unconventional, virtually limitless in quantity, and unrecognizable by conventional detection methods. The number of new AETs is growing exponentially, and thus they create an everlasting and ever-changing challenge for the information security industry and organizations around the world.

For more information about the announcement, see the press release, and join the discussion at www.antievasion.com.

written by markb - 1,424 views

May 31

During the last two years we have received feedback from Gartner as well as some customers that StoneGate IPS is surely efficient, but that it is a bit difficult to configure inspection rules for the device. The other feedback we have noticed in customer interviews is that administrators are not aware of all of StoneGate’s inspection capabilities. Administrators don’t seem to have time to configure and manage Inspection rules in as granular a way as they manage the FW access rules.

In StoneGate 5.2 we have now answered your needs. There is a brand new way of configuring inspection rules with the help of a new Inspection Rules panel. Read more about how to configure the Inspection rules with SMC 5.2.


written by Tero Jantunen - 1,391 views

Mar 11

IE 6 and 7 have a remote vulnerability that is being exploited in the wild right now. There are no patches available. If you use StoneGate IPS with strict policy and have update package 293 activated && policy refreshed, you should be safe. If you don’t, you’d want to make sure that the fingerprint situation HTTP_SS-Microsoft-Internet-Explorer-Invalid-Pointer-Reference-CVE-2010-0806 is in your inspection policy with action “Terminate”.

written by Olli-Pekka Niemi - 1,418 views

Jan 14

StoneGate 5.1: Web filtering

Feature Previews, Firewall Engine, IPS, SMC

Web Filtering

With StoneGate’s Web filtering feature you can configure which types of resources on the Internet users can access with web browsers. StoneGate contains about 80 URL categories that you can use to inspect the traffic. URL categories are dynamically updated from an external cloud service provided by a company called BrightCloud.


written by Tero Jantunen - 2,040 views

Jan 13

StoneGate 5.1 feature previews

Feature Previews, Firewall Engine, IPS, SMC, SSL VPN

StoneGate 5.1

StoneGate version 5.1 will soon be publicly available. We thought we could tell a little bit about the content of the new release here in StoneBlog. In the following days, we will publish a short series of articles that briefly describe the major features of StoneGate 5.1 and StoneGate SSL VPN 1.4.

When we look at the release content of 5.1, we must say that there are not as many new features as there were in version 5.0. The focus has lately been on further developing features that were published earlier this year. Some of those enhancements will come out in 5.1, while some of them will be published later in 5.2, which will be available at the end of Q2/2010.

Stay tuned and see what the new features of StoneGate 5.1 are!

written by Tero Jantunen - 920 views

Dec 15

Why does Stonesoft support ask for sginfo files?

Firewall Engine, IPS, SMC, SSL VPN

Have you ever been in the situation where you needed Stonesoft Support to help you troubleshoot a problem you are having only to be told to send them an sginfo and they will investigate?  Ever wonder why?


written by SideKick - 1,322 views

Nov 19

…to experience StoneGate at its best in your virtual infrastructure!

After the great success of the previous version, here’s the update, featuring:

  • StoneGate Management Center version 5.04
  • StoneGate Firewall/VPN version 5.04
  • StoneGate IPS version 5.0.2
  • StoneGate SSL VPN version 1.3.2

in a ready-made configuration according to the following schema:

[Figure: svdk]

The system includes virtual machines compatible with the newest versions of VMware virtualization systems (Virtual Machines version 7), such as vSphere, VMware Server 2.0.x and VMware Workstation 6.5 and later.

You can find more details and download links here.

Network Security. Virtualized ;)

written by RoarinPenguin - 1,707 views