New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination
(Thomson Reuters ONE) -
Stonesoft discovers 124 new AETs
Helsinki, Finland - February 15, 2011 - Stonesoft, an innovative provider of
integrated network security and business continuity solutions, today announced
it has discovered 124 new advanced evasion techniques (AETs). Samples of these
AETs have been delivered to the Computer Emergency Response Team (CERT-FI), who
will continue to coordinate a global vulnerability coordination effort.
The discovery of AETs was first reported in October 2010 and confirmed by ICSA
Labs. Since that time, Stonesoft has continued extensive research in the area,
which has led to the discovery of 124 new threats. Stonesoft continues to
research AETs found in its R&D laboratories and in the wild.
Many vendors claimed to have "fixed" the product vulnerabilities disclosed in
CERT-FI's initial advisories on the 23 AETs discovered last fall. However, real-
life testing in Stonesoft's research lab confirms that AETs are still able to
penetrate many of these systems without detection. In other cases, simple
microscopic changes to an AET - such as changing byte size and segmentation
offset - allow them to bypass the product's detection capabilities. This
demonstrates that most vendors are only providing temporary and inflexible fixes
to the growing AET concern, rather than researching and solving the fundamental
architecture issues that give way to these vulnerabilities.
"It seems that those who claim to have 100 percent protection against advanced
evasion techniques do not really understand the magnitude of the problem nor
have they done enough research around the issue. The discoveries made so far are
only the tip of the iceberg," says Joona Airamo, chief information security
officer at Stonesoft.
Traditional and advanced evasion techniques have become of increasing concern to
the network security community. In its Network IPS Group Test Q4 2010,
independent testing lab NSS Labs described IP fragmentation and TCP segmentation
evasions as a grave threat stating "if an attacker can avoid detection by
fragmenting packets or segmenting TCP streams, an Intrusion Prevention System
will be completely blind to ALL attacks."
"Missing an evasion means a hacker can use an entire class of exploits to
circumvent a security product, rendering it virtually useless," said Rick Moy,
president, NSS Labs. "Combining certain evasions further increase the likelihood
of success for attackers, and elevates the risk to enterprises."
While there is no single solution to eliminating the threat of AETs,
organizations can mitigate the risks and lessen their vulnerability. One such
way is making sure the security devices they use do a proper multilayer
normalization process, working on all relevant protocol layers for each
connection. Centralized management is also critical as it enables constant
updates and upgrades to be made deep within a network's security architecture.
Unfortunately, fingerprinting and signature-based matching - typical security
responses for the actual exploits - do not work with the dynamic, combinatory
and constantly evolving nature of AETs.
Bob Walder, research director at Gartner, Inc., who discussed AETs at length in
his November 2010 report entitled Advanced Evasion Techniques (AET): Weapon of
Mass Destruction or Absolute Dud comments: ""Evasion techniques are not new, yet
still present a credible threat against the network security infrastructure that
protects governments, commerce and information-sharing worldwide. Recent
research has, thankfully, forced this issue once again into the spotlight, and
network security vendors need to devote the research and resources to finding a
solution."
Stonesoft has also released packet capture descriptions for several of the AETs
originally disclosed to CERT-FI in 2010, which can be viewed here. For
information on how to protect against AETs, please visit www.antievasion.com or
www.stonesoft.com.
Contact:
For more details, please contact:
Joona Airamo
Stonesoft Corporation
Tel. +358 9 476 711
E-mail: joona.airamo(AT)stonesoft.com
Klaus Majewski
Tel. +358 40 824 7908
E-mail: klaus.majewski(AT)stonesoft.com
About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of
integrated network security solutions to secure the information flow of
distributed organizations. Stonesoft customers include enterprises with growing
business needs requiring advanced network security and always-on business
connectivity.
StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSL
VPN blending network security, end-to-end availability and award-winning load
balancing into a unified and centrally managed system. The key benefits of the
StoneGate solution include low TCO, excellent price-performance ratio and high
ROI. The StoneGate Virtual Security Solutions protect the network and ensure
business continuity in both virtual and physical network environments.
StoneGate Management Center provides unified management for StoneGate Firewall
with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide
intelligent defense all over the enterprise network while StoneGate SSL VPN
provides enhanced security for mobile and remote use.
Founded in 1990, Stonesoft Corporation is a global company with corporate
headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia.
For more information, visit www.stonesoft.com, www.antievasion.com and the
corporate blog http://stoneblog.stonesoft.com.
This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.
Source: Stonesoft Oyj via Thomson Reuters ONE
[HUG#1488923]
Unternehmensinformation / Kurzprofil:
Datum: 15.02.2011 - 09:07 Uhr
Sprache: Deutsch
News-ID 51478
Anzahl Zeichen: 6743
contact information:
Town:
Helsinki
Kategorie:
Business News
Diese Pressemitteilung wurde bisher 216 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination"
steht unter der journalistisch-redaktionellen Verantwortung von
Stonesoft Oyj (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
