Aug 18

According to Sari Kajantie from the Finnish National Bureau of Investigation (NBI) in Helsingin Sanomat, the biggest national newspaper in Finland on 4 August 2011: “It is not the fault of the employee who has opened the attachment, if the hacker can access all company data from a single laptop.”

Companies need to pay much more attention to their internal network activities and traffic. It should not come as a surprise to anybody that individual laptops are compromised. Workstation networks must be separated from the servers by firewalls and intrusion prevention systems; not only by installing these devices, but also by paying attention to rules and monitoring their alerts.


written by Ari Vänttinen - 989 views

Jun 30

Dealing with evasions by Olli-Pekka Niemi

Antievasion, IPS, Security News

Read what the head of Stonesoft's vulnerability research team says about the challenges in evasion protection.


written by Ari Vänttinen - 804 views

Jun 22

The recent list of successful cyber attacks is getting longer and more severe, with the IT security landscape changing fast. By now, everyone knows this. Every second some organization is being attacked, and yet the criminals remain untouched. Why? Because they are improving their tools and methods so quickly that the industry and organizations cannot keep up. During recent years, the gap between defense and offense has become quite narrow, but seems to be growing again.


written by Ari Vänttinen - 817 views

May 18

Upcoming AET Webinar

Antievasion, IPS

Curious about all the talk around advanced evasion techniques (AETs), and want to learn more? Already read the details available at www.antievasion.com and want to see more proof? Then be sure to sign up for one of our upcoming Webinars providing an overview of evasion research and demonstrating AETs using our TCP/IP fuzzing tool, Predator. If you’re not able to attend the next Webinar, be sure to contact your local Stonesoft sales representative for more details on the next schedule.

written by markb - 725 views

Apr 14

Bob Walder at Stonesoft CTAB in Cannes

Antievasion, IPS, Live from Field


Bob Walder from Gartner was visiting the annual Stonesoft Customer Advisory Board in Cannes, France, delivering an excellent speech.

written by RoarinPenguin - 994 views

Mar 28

…the saga continues, with a new cool episode: Money could turn passionate Hackers into Cybercriminals!

Do you like this story? Please let us know in the comments…

Have a nice reading,

RoarinPenguin

written by RoarinPenguin - 521 views

Mar 25

According to Frost and Sullivan, global spending on intrusion detection and prevention technologies in 2010 exceeded $1.5 billion USD. At the same time, organizations are growing increasingly concerned by attack sophistication, such as Stuxnet, APTs, and the recent incidents involving RSA and Comodo. Yet, what if the first factor was rendered completely ineffective, and the second increased in its success? If all that money goes down the drain due to ineffective technologies, and sophistication is increasing, what do we do next?

Last October, Stonesoft made friends and enemies alike with its announcement regarding research in advanced evasion techniques and their disclosure to CERT-FI for vulnerability coordination. The subsequent disclosure at RSA that an additional 124 techniques were disclosed on top of the original 23 was met with even more resounding silence.

What’s interesting is that all of the discussion focuses around irrelevant sidebars. Bob Walder of Gartner and NSS Labs have discounted the threat of AETs as “yesterday’s news”; after all, evasions aren’t new, so what’s the big deal? And granted, Bob does know a thing or two about evasions; as one of the founders of NSS Labs, he’s a pretty sharp guy and created a few evasions of his own back in the day. The second sidebar centers around the likelihood of AETs being seen in the wild. No one has heard of or seen them being used, so clearly they must not exist.

Yet I would say that these are distractions from the real issue: old or new, in use or not, the bottom line is: advanced evasion techniques work. They work against just about every IPS technology on the market and in your network today. They enable the delivery of any exploit to vulnerable systems at any time, without detection or notice. But don’t take our word for it. Contact us and we’ll be happy to demonstrate for you. Read the validation of third party testing. Or even better, test it yourself. We’ve now made the first AET samples, originally provided to CERT-FI last year, available at www.antievasion.com.

Does it matter how old it is? No, unlike a fine wine, AETs don’t get better or worse with age. They simply are. They work.

And in most cases, they work well. Against any IPS technology, next generation firewall, content scanning system, or Web application firewall. Why? Because vendors have typically focused on providing you, the customer, with what you ask for rather than what you need. They design systems that favor performance shortcuts vs. real security. They’d rather invest in nice marketing materials than in an effective normalization engine that still maintains decent throughput.

Wouldn’t you rather have a vendor interested in making a better, more effective security technology for today’s threats? One that is more manageable, scalable, and simplified than what you’re doing now? Again, don’t take our word for it. Try it yourself. Learn why Stonesoft’s security solutions are:

Network Security. Simplified.

written by markb - 749 views

Dec 22

AET: from teacup storm to… hot chocolate!

Antievasion

In over 20 years in IT, one of my driving principles has been to respect people who have the talent to map technology and technical concepts to quotes or concepts easy to remember.

This is undoubtedly a great technique to make such technologies or technical concepts remembered by many people, regardless of their level of skill.

Following this principle, I really liked the article from Bob Walder on the Gartner blog, published soon after Stonesoft released the AET news: while many were shouting about FUD or taking it for real with very complex explanations, he mapped the whole story to a very tangible and simple metaphor. Regardless of whether one agreed with his vision, I have to admit that I still remember that article after two months because of this mapping process.

What happened a couple of days ago, however, is awesome: Jack Walsh from ICSA Labs wrote an article on Antievasion.com commenting on AETs and what the real threat is.

And he did that by linking it to the holiday season and to the popular Christmas movie with Tom Hanks, “Polar Express”!

I really recommend that you read the article, which is very well written… but before you leave this post I want to share with you a funny story that happened to me when I read it: Stonesoft released more technical details about AET, with pcap names and technical info about 23 AETs, on 16th December.

Suddenly, several vendors issued articles and blog posts with different degrees of “officiality” to comment on their protection level for AETs… and it has been more or less like a choir of “Yes, we have it, we protect”.

Finally, when I read the piece of Jack Walsh I had a clear vision of the Polar Express scene in the train where all the waiters are serving… hot-hot-hot-cho-co-late singing “yes, we got it, oh, we got it, yay, we got it!” and that was pure fun!

But besides the funny part, there is an important message in the article from Jack, tender to naysayers and skeptics in general: “Seein’ is believin’!”

And Stonesoft is perfectly able to show AET in action and how our StoneGate IPS solution helps in countering them… just like this website helps another type of… skeptics.

I conclude this post by wishing all StoneBloggers and Stonians in the world, for the holiday season:

Buon Natale e Felice Anno Nuovo!

Hyvää Joulua ja Onnellista Uutta Vuotta!

Merry Christmas and a Happy New Year!

written by RoarinPenguin - 985 views

Oct 20

Advanced Evasion Techniques

IPS, Security News

Yesterday we publicly announced the discovery of new, advanced evasion techniques (AET) that can pose a serious threat to existing network security systems worldwide. The details of the discovery have been shared with CERT-FI in Finland for vulnerability coordination purposes and validated by ICSA Labs.

This discovery by Stonesoft vulnerability experts is not a new exploit or vulnerability, but a new method of delivering new and existing exploits (such as Stuxnet or Zeus) by bypassing today’s network security systems. Evasions enable advanced and hostile cyber criminals to deliver any malicious content, exploit or attack to a vulnerable system, without detection. Most evasion techniques to date have stayed within the confines of established rules for network traffic. Security systems can be rendered ineffective against evasion techniques, in the same way a stealth fighter can attack without detection by radar and other defensive systems. While evasions are nothing new, with research dating back to the late 1990s at least, AETs extend the research dramatically, adding new techniques and dramatically increasing the successful combinations possible.

AETs, a new species of evasion techniques, can be altered or combined in any order to avoid detection by security systems. AETs are, by their nature, dynamic, unconventional, virtually limitless in quantity, and unrecognizable by conventional detection methods. The number of new AETs is growing exponentially, and thus they create an everlasting and ever-changing challenge for the information security industry and organizations around the world.

For more information about the announcement, see the press release, and join the discussion at www.antievasion.com.

written by markb - 1,295 views

Oct 18

Æntievasion – Knowledge is Power!

Antievasion

The principles of anti-evasion need to be re-written. Conventional principles are still valid, but we must take it a step further and realize the BIGGER picture. We need to be ready to break all the dominant rules and principles about evasion protection, like our enemies do. It has become evident that we have only seen the tip of the iceberg and over 90% of that iceberg is still unexplored. The theory and practice of evasion techniques need to proceed hand-in-hand with leaps, not steps.

The idea of writing the principles of anti-evasion together as a community was born as the scope of the issue became clear. Re-writing principles is too challenging for one man. We need and want allies, and we are ready to share insights and knowledge of our discovery and anti-evasion protection. So should everyone else before it escalates and poses an uncontrolled threat for the entire networked world.

A radical and fundamental revolution in network security and intrusion prevention is about to begin. Join the conversation now!

written by RoarinPenguin - 1,681 views