Stonesoft News
(2 votes, average: 3.50 out of 5)
Loading ...Read what head of Stonesoft´s vulnerability research team says about the challenges in evasion protection.
Dealing with evasions by Olli-Pekka Niemi
(3 votes, average: 4.67 out of 5) Loading ... (7 votes, average: 4.86 out of 5) Loading ...According to Frost and Sullivan, global spending on intrusion detection and prevention technologies in 2010 exceeded $ 1.5 billion USD. At the same time, organizations are growing increasingly concerned by attack sophistication, such as Stuxnet, APTs, and the recent incidents involving RSA and Comodo. Yet, what if the first factor was rendered completely ineffective, and the second increased in its success? If all that money goes down the drain due to ineffective technologies, and sophistication is increasing, what do we do next?
Last October, Stonesoft made friends and enemies alike with its announcement regarding research in advanced evasion techniques and their disclosure to CERT-FI for vulnerability coordination. The subsequent disclosure at RSA that an additional 124 techniques were disclosed on top of the original 23 was met with even more resounding silence.
What’s interesting is that all of the discussion focuses around irrelevant sidebars. Bob Walder of Gartner and NSS Labs have discounted the threat of AETs as “yesterday’s news”; after all, evasions aren’t new, so what’s the big deal? And granted, Bob does know a thing or two about evasions; as one of the founders of NSS Labs, he’s a pretty sharp guy and created a few evasions of his own back in the day. The second sidebar centers around the likelihood of AETs being seen in the wild. No one has heard or seen of them being used, so clearly they must not exist.
Yet I would say that these are distractions from the real issue: old or new, in use or not, the bottom line is : advanced evasion techniques work. They work against just about every IPS technology on the market and in your network today. They enable the delivery of any exploit to vulnerable systems at any time, without detection or notice. But don’t take our word for it. Contact us and we’ll be happy to demonstrate for you. Read the validation of third party testing. Or even better, test it yourself. We’ve now made the first AET samples, originally provided to CERT-FI last year available at www.antievasion.com.
Does it matter how old it is? No, unlike a fine wine, AETs don’t get better or worse with age. They simply are. They work.
And in most cases, they work well. Against any IPS technology, next generation firewall, content scanning system, or Web application firewall. Why? Because vendors have typically focused on providing you, the customer, with what you ask for rather than what you need. They design systems that favor performance shortcuts vs. real security. They’d rather invest in nice marketing materials than in an effective normalization engine that still maintains decent throughput.
Wouldn’t you rather have a vendor interested in making a better, more effective security technology for today’s threats? One that is more manageable, scalable, and simplified than what you’re doing now? Again, don’t take our word for it. Try it yourself. Learn why Stonesoft’s security solutions are:
Network Security. Simplified.
(6 votes, average: 5.00 out of 5) Loading ...30 august 1990 – 30 august 2010!
Today Stonesoft celebrates 20 years!
20 years ago two Heroes decided to found Stonesoft to bring high availability into security arena… time went by success after success, with the creation of the extremely successful StoneBeat technology, until the new millennium arrived.
Stonesoft decided that it was time for a new idea, and in 2000 we became a public company listed at Helsinki Stock Exchange and we brewed what today is our core cool superb technology: StoneGate!
Born as a Firewall with high availability in the DNA, StoneGate concept evolved to StoneGate Network Security Architecture: a legendary infrastructure providing in-depth layered security throughout all the enterprise, beyond the corporate boundaries to provide secure, authenticated access to applications in the cloud.
Hence today all Stonians everywhoere raise virtually a glass of the most excellent cyberwine for this double fantastic celebration: 20 years of Stonesoft, 10 years of StoneGate!
Happy Birthday Stonesoft, Happy Birthday StoneGate!
(4 votes, average: 3.75 out of 5) Loading ...If you’re headed to Black Hat like we are, there’s more to security than being cautious about the networks you connect to. Data at rest can also be a concern, both for the data on your devices as well as the data you may receive while there. Here’s our second security tip, to deal with the protection of that data.
The X-Files principle of Trust No One holds true in this case as well. We all love schwag, whether it’s simple things like stress balls, to more advanced things like iPad giveaways. In between everyone loves to pick up those USB sticks, which can be plain and simple or disguised as cute animals. But be careful, those animals can turn on you. In general, for a safer computing experience at Black Hat, do not trust any storage device handed to you by others. Whether it’s a USB drive or CD, or anything else (even that iPod you just won), they can contain viruses, Trojans or malware of any form. Even the ones that look professional can be dangerous. At best it’s good to discard them; if not at least scan them on a separate, up-to-date, sacrificial system first.
Second, if you are bringing a laptop, install and verify the operation of full-disk encryption software. Use AES-256 bit encryption or better. If the hard drive has a hardware encryption option as some external ones do, use that instead. And while you’re at the conference, be sure to power off or hibernate your laptop whenever it isn’t in use to maximize the effect of the encryption software. Free disk encryption programs exist, and modern Windows and OS X systems include encryption technologies built-in.
To learn more about computing safely, to try your hand at Hack The Lab, and to learn about Stonesoft’s award-winning network security solutions, be sure to stop by Booth 33!
(5 votes, average: 3.60 out of 5) Loading ...…and for real! Look at this picture:
Taken at 6150 meters on the way to top of Mount Everest, this picture shows we do secure they clouds wherever they are (well, actually the sky is crystal clear in the background… but still!)
The team (Ascensio, our logo, our mighty Flag) reached Camp 1 and went up to 6352 mt before returning bit down to continue acclimatization.
And wind at 30 knots/s and ice like popcorn and sound of collapsing avalanches contributes greatly to focus on one sole goal: go on to the Top!
Wanna know more? Read the post on Ascensio website… it really transmits lots of different sensations that those valued heroes are living and so beautifully sharing with us.
They are Stonians in the kernel, no doubts about!
(6 votes, average: 3.83 out of 5) Loading ...
I’m proud to announce that Stonesoft is ready to bring security to highest place in the world, by sponsoring an expedition to Mount Everest.
In next weeks, Ascensio group will try to make it to the top of Mount Everest bringing a bit of Stonesoft with them.
We’ll actively follow the expedition on this blog, providing report, news and maybe even pictures as the trip goes by.
Stay tuned, to reach with us all the top of the world!
Recent Comments