May 18

Upcoming AET Webinar

Antievasion, IPS

Curious about all the talk around advanced evasion techniques (AETs), and want to learn more? Already read the details available at www.antievasion.com and want to see more proof? Then be sure to sign up for one of our upcoming Webinars providing an overview of evasion research and demonstrating AETs using our TCP/IP fuzzing tool, Predator. If you’re not able to attend the next Webinar, be sure to contact your local Stonesoft sales representative for more details on the next schedule.

written by markb - 695 views

Apr 14

Bob Walder at Stonesoft CTAB in Cannes

Antievasion, IPS, Live from Field

Bob Walder from Gartner was visiting the annual Stonesoft Customer Advisory Board in Cannes, France, delivering an excellent speech.

written by RoarinPenguin - 971 views

Mar 28

…the saga continues, with a cool new episode: Money could turn passionate Hackers into Cybercriminals!

Do you like this story? Please let us know in the comments…

Have a nice read,

RoarinPenguin

written by RoarinPenguin - 500 views

Mar 25

According to Frost and Sullivan, global spending on intrusion detection and prevention technologies in 2010 exceeded $1.5 billion USD. At the same time, organizations are growing increasingly concerned by attack sophistication, such as Stuxnet, APTs, and the recent incidents involving RSA and Comodo. Yet, what if the first factor was rendered completely ineffective, and the second increased in its success? If all that money goes down the drain due to ineffective technologies, and sophistication is increasing, what do we do next?

Last October, Stonesoft made friends and enemies alike with its announcement regarding research in advanced evasion techniques and their disclosure to CERT-FI for vulnerability coordination. The subsequent disclosure at RSA that an additional 124 techniques were disclosed on top of the original 23 was met with even more resounding silence.

What’s interesting is that all of the discussion focuses on irrelevant sidebars. Bob Walder of Gartner and NSS Labs have discounted the threat of AETs as “yesterday’s news”; after all, evasions aren’t new, so what’s the big deal? And granted, Bob does know a thing or two about evasions; as one of the founders of NSS Labs, he’s a pretty sharp guy and created a few evasions of his own back in the day. The second sidebar centers around the likelihood of AETs being seen in the wild. No one has heard of or seen them being used, so clearly they must not exist.

Yet I would say that these are distractions from the real issue: old or new, in use or not, the bottom line is: advanced evasion techniques work. They work against just about every IPS technology on the market and in your network today. They enable the delivery of any exploit to vulnerable systems at any time, without detection or notice. But don’t take our word for it. Contact us and we’ll be happy to demonstrate for you. Read the validation of third party testing. Or even better, test it yourself. We’ve now made the first AET samples, originally provided to CERT-FI last year, available at www.antievasion.com.

Does it matter how old it is? No, unlike a fine wine, AETs don’t get better or worse with age. They simply are. They work.

And in most cases, they work well. Against any IPS technology, next generation firewall, content scanning system, or Web application firewall. Why? Because vendors have typically focused on providing you, the customer, with what you ask for rather than what you need. They design systems that favor performance shortcuts vs. real security. They’d rather invest in nice marketing materials than in an effective normalization engine that still maintains decent throughput.

Wouldn’t you rather have a vendor interested in making a better, more effective security technology for today’s threats? One that is more manageable, scalable, and simplified than what you’re doing now? Again, don’t take our word for it. Try it yourself. Learn why Stonesoft’s security solutions are:

Network Security. Simplified.

written by markb - 723 views

Jan 17

NSS Labs’ Network IPS Group Test Results

IPS, Security News

NSS Labs recently released the results of its latest Network IPS Group Test, which was also covered by Jeremy Kirk at IDG News Service here. The results were interesting to say the least. Here are a few high level observations:

StoneGate IPS performance. Like a majority of the appliances tested, StoneGate received a Neutral rating indicating that the devices performed reasonably well and should be considered in the purchasing process. However, there were several areas where StoneGate IPS tested exceedingly well, including:

  • Excellent in value purchase and TCO. Stonesoft’s StoneGate IPS-1205 and IPS-3205 appliances were rated excellent in value purchase. In the sub-gigabit category, the StoneGate IPS-1205 provided the best price per Mbps-protected. In the high-end appliance category, the StoneGate IPS-3205 had the second lowest three-year TCO.
  • Ease of use. “Stonesoft‘s Management Center builds on its firewall management and is extremely intuitive and easy to use. Deploying Stonesoft‘s pre-defined policies is simple and efficient. It took almost no time to setup, configure and tune.”
  • 100 percent protection against evasions. The StoneGate IPS-1205 and IPS-3205 successfully handled 100 percent of NSS Labs’ traditional evasion attempts without error, including HTML evasions. However, it’s important to note that Advanced Evasion Techniques (AETs) were not included in this test, so the 100 percent coverage is for basic evasions only and will not provide protection against AETs. According to NSS Labs:
    “If an attacker can avoid detection by fragmenting IP Packets or segmenting TCP streams, an IPS will be completely blind to ALL attacks”.

This concept has been at the heart of our AET research, and is why we are expecting NSS Labs to raise the bar in 2011 by incorporating AET tools into their testing suite.

written by TimoT - 1,732 views

Oct 20

Advanced Evasion Techniques

IPS, Security News

Yesterday we publicly announced the discovery of new, advanced evasion techniques (AET) that can pose a serious threat to existing network security systems worldwide. The details of the discovery have been shared with CERT-FI in Finland for vulnerability coordination purposes and validated by ICSA Labs.

This discovery by Stonesoft vulnerability experts is not a new exploit or vulnerability, but a new method of delivering new and existing exploits (such as Stuxnet or Zeus) by bypassing today’s network security systems. Evasions enable advanced and hostile cyber criminals to deliver any malicious content, exploit or attack to a vulnerable system, without detection. Most evasion techniques to date have stayed within the confines of established rules for network traffic. Security systems can be rendered ineffective against evasion techniques, in the same way a stealth fighter can attack without detection by radar and other defensive systems. While evasions are nothing new, with research dating back to the late 1990s at least, AETs extend the research dramatically, adding new techniques and dramatically increasing the successful combinations possible.

AETs, a new species of evasion techniques, can be altered or combined in any order to avoid detection by security systems. AETs are, by their nature, dynamic, unconventional, virtually limitless in quantity, and unrecognizable by conventional detection methods. The number of new AETs is growing exponentially, and thus they create an everlasting and ever-changing challenge for the information security industry and organizations around the world.

For more information about the announcement, see the press release, and join the discussion at www.antievasion.com.

written by markb - 1,259 views

Jun 04

Connection and Blacklist monitoring have been refactored in StoneGate 5.2. While making these functions more reliable, improving the communication protocol between the SMC and engines, and increasing the connection table update interval, we have also introduced a couple of nice features for these two views. Read more information below about how Connection and Blacklist Monitoring have been improved.

written by Tero Jantunen - 1,110 views

May 31

During the last two years we have received feedback from Gartner as well as some customers that StoneGate IPS is surely efficient, but that it is a bit difficult to configure inspection rules for the device. The other feedback we have noticed in customer interviews is that administrators are not aware of all of StoneGate’s inspection capabilities. Administrators don’t seem to have time to configure and manage Inspection rules in as granular a way as they manage the FW access rules.

In StoneGate 5.2 we have now answered your needs. There is a brand new way of configuring inspection rules with the help of a new Inspection Rules panel. Read more about how to configure the Inspection rules with SMC 5.2.

written by Tero Jantunen - 1,259 views

May 17

StoneGate 5.2 feature previews

Feature Previews, SMC

StoneGate version 5.2 is scheduled to be released in June or July 2010. As the release gets closer, we decided to continue our tradition and publish a series of articles about the new features and enhancements in advance here in StoneBlog.

Most of the 5.2 enhancements are based on customer feedback we are constantly gathering from StoneGate customers from all over the world. Our duty at Stonesoft R&D is to save your time and maximize the user experience of using StoneGate products! StoneGate 5.2 once again provides a lot of usability enhancements in StoneGate Management Center. In addition to this, there are pretty nice new technical features on the engine side that may allow you to use StoneGate products in a different way or in new environments.

Stay tuned and find out what is coming in StoneGate 5.2. We are really interested to hear your feedback related to the new features and enhancements. Feel free to leave your comments and ratings to let us know what you think about the latest improvements.

written by Tero Jantunen - 707 views

Dec 15

Why does Stonesoft support ask for sginfo files?

Firewall Engine, IPS, SMC, SSL VPN

Have you ever been in the situation where you needed Stonesoft Support to help you troubleshoot a problem you are having, only to be told to send them an sginfo and they will investigate? Ever wonder why?

written by SideKick - 1,190 views