New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination

Stonesoft Announces Discovery of 124 New AETs at RSA Conference 2011

Booth 2533
RSA Conference 2011

SAN FRANCISCO--Stonesoft, an innovative provider of integrated network security and business continuity solutions, today announced it has discovered 124 new advanced evasion techniques (AETs). Samples of these AETs have been delivered to the Computer Emergency Response Team (CERT-FI), who will continue to coordinate a global vulnerability coordination effort. Attendees at RSA Conference 2011, held February 14-18, 2011, can stop by booth 2533 in the Moscone Center to learn more.

The discovery of AETs was first reported in October 2010 and confirmed by ICSA Labs. Since that time, Stonesoft has continued extensive research in the area, which has led to the discovery of 124 new threats. Stonesoft continues to research AETs found in its R&D laboratories and in the wild.

Many vendors claimed to have “fixed” the product vulnerabilities disclosed in CERT-FI’s initial advisories on the 23 AETs discovered last fall. However, real-life testing in Stonesoft’s research lab confirms that AETs are still able to penetrate many of these systems without detection. In other cases, simple microscopic changes to an AET – such as changing byte size and segmentation offset – allow it to bypass the product’s detection capabilities. This demonstrates that most vendors are only providing temporary and inflexible fixes to the growing AET concern, rather than researching and solving the fundamental architecture issues that give rise to these vulnerabilities.

“It seems that those who claim to have 100 percent protection against advanced evasion techniques do not really understand the magnitude of the problem nor have they done enough research around the issue. The discoveries made so far are only the tip of the iceberg,” says Joona Airamo, chief information security officer at Stonesoft.

Traditional and advanced evasion techniques have become an increasing concern to the network security community. In its Network IPS Group Test Q4 2010, independent testing lab NSS Labs described IP fragmentation and TCP segmentation evasions as a grave threat, stating, “if an attacker can avoid detection by fragmenting packets or segmenting TCP streams, an Intrusion Prevention System will be completely blind to ALL attacks.”

“Missing an evasion means a hacker can use an entire class of exploits to circumvent a security product, rendering it virtually useless,” said Rick Moy, president, NSS Labs. “Combining certain evasions further increases the likelihood of success for attackers, and elevates the risk to enterprises.”

While there is no single solution to eliminating the threat of AETs, organizations can mitigate the risks and lessen their vulnerability. One such way is making sure the security devices they use do a proper multilayer normalization process, working on all relevant protocol layers for each connection. Centralized management is also critical as it enables constant updates and upgrades to be made deep within a network’s security architecture. Unfortunately, fingerprinting and signature-based matching – typical security responses for the actual exploits – do not work with the dynamic, combinatory and constantly evolving nature of AETs.

Bob Walder, research director at Gartner, Inc., who discussed AETs at length in his November 2010 report entitled “Advanced Evasion Techniques (AET): Weapon of Mass Destruction or Absolute Dud,” comments: “Evasion techniques are not new, yet still present a credible threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide. Recent research has, thankfully, forced this issue once again into the spotlight, and network security vendors need to devote the research and resources to finding a solution.”

Stonesoft has also released packet capture descriptions for several of the AETs originally disclosed to CERT-FI in 2010, which can be viewed here. For information on how to protect against AETs, please visit or

About Stonesoft

Stonesoft Corporation (NASDAQ OMX: SFT1V) delivers proven, innovative solutions that simplify network security management for even the most complex network environments. The StoneGate Platform unifies management of entire networks—including StoneGate and third-party devices—blending integrated threat management, end-to-end high availability and network optimization into a centrally controlled system. As a result, Stonesoft provides the highest levels of proactive control, always-on connectivity and compliance at the lowest total cost of ownership (TCO) on the market today. Founded in 1990, the company is an established leader in network security innovation with corporate headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more information, visit, and the corporate blog


Stonesoft Corporation
Hannah Bower, 404.247.1123

Release Summary

Stonesoft announces the discovery of 124 new advanced evasion techniques (AETs) at RSA Conference 2011.

