Money could turn passionate hackers into cybercriminals

“The Adventures of Antti Pilvinen” - A story by the RoarinPenguin

DISCLAIMER: All facts, people and companies in this story are fictional and do not have links with any real situation.


It’s always good to get back home after a business trip, especially after a nice deal has been closed and you were able to enjoy a sunset over one thousand lakes during the flight from Oulu to Helsinki. Listening to Alabama’s tune, “God must have spent a little more time on you”, completes a feeling of perfection that Antti Pilvinen has while flying back to Helsinki after those great two days in Oulu. Antti closed a managed security service agreement with FinnDime Oy, a fund management company very concerned about security.

 

At the beginning of the year, ASPF extended its security offering to provide managed security services, thanks to the investment in the StoneGate Management Center. The move was approved by Juhani Kiviportti, the security guru of ASPF who thoroughly tested the proof of concept they implemented with the help of Stonesoft Professional Services.

 

The pay-as-you-grow licensing model provided incredibly fast ROI, and the customer base started to grow shortly after ASPF announced StaySafe. StaySafe is the name of this new offering that includes security devices that are installed at customer premises but centrally monitored by the security operation center, led by Juhani in ASPF.

 

At FinnDime, Mr. Matti Palovalli was very concerned about Stonesoft’s recent discovery of a new species of attacks defined as Advanced Evasion Techniques (AETs). While it is certainly true that such attacks are not for script kiddies, it’s very possible that FinnDime could represent an attractive target for sophisticated and powerful cybercriminals, hence he wanted to ensure the highest level of protection possible.
Antti closed a nice deal by offering a combination of the StoneGate Firewall and IPS at a very interesting price, but the “killer app” was the geolocated statistics and the awesome reporting that the SMC provides… automagically… delivered right in Matti’s mailbox every month… branded with the FinnDime logo… ready for top management!

 

While Antti was lost in these nice thoughts, in a remote (but wired for the Internet) location near Tampere, something very bad was about to happen: Tero Koiraverkkonen, nicknamed NetPain, was furious with his former employer, a small security system integrator who decided to lay him off one month before.

 

“Those idiots are just thinking of their bank account,” Tero wrote in a secured chat with HiddenBytes, a group of cybercriminals found on the ‘Net, “with no respect for highly skilled professionals! How can they think they can keep the important customers they have if they hire newbies barely able to run Metasploit and sell them at 1000 euros a day?”

His counterpart in the chat was amplifying Tero’s rage with carefully chosen words designed to bring him on their side. This chat had been ongoing for a few weeks now and the time was right to propose, “why don’t we join forces to show these customers they are not secure?” Then Black Mamba continued, “you could calm your thirst for revenge, plus make some nice money….”

 

“Uhmmm… why not,” replied Tero. “Yes, let’s use that tool you have to perform a special advanced attack. I know for sure that they have this old Unix system vulnerable to several common attacks, and I understand that by using the DamagerMax we could split this attack on multiple layers bypassing every security device.”

 

“Exactly”, concluded Black Mamba, “just like if we had Harry Potter’s Invisibility Blanket!”

 

They planned D-Day to happen one week later.

 

A few days after the next month began, Antti Pilvinen received an email from FinnDime’s CEO, Mr. Mikko Kovinrikas.

 

“Dear Mr. Pilvinen,

I have been informed by our CISO, Mr. Palovalli, that at the end of the past month we were under attack with a very sophisticated and dangerous tool, launched with a technique almost completely unknown in the security landscape. Thanks to the StaySafe service we were alerted in real-time about what happened, with very precise information about the attack itself. Also, the attack did not go through thanks to a technique called dynamic blacklist blended with something that Mr. Palovalli defined as an Anti-Evasion Ready device. While thanking you for the excellent defense-in-depth your service provides, we are informing you that we will extend this service in the upcoming months to cover our 42 partners worldwide.

Best regards,

Mikko Kovinrikas”

 

After he recovered from the splendid shot of emotion, suddenly an amazing thought traversed his mind: “wow… 42 must really be the answer…”

 
