To help organizations protect their networks against the threat of advanced evasion techniques (AETs), Stonesoft shares six tips for the protection of critical data assets and systems. Stonesoft, a provider of integrated network security and business continuity solutions, announced the first discovery of AETs in fall 2010.
According to Stonesoft, by challenging the rules of traditional evasion techniques and combining multiple evasions, AETs are currently undetectable by existing network security systems, such as intrusion prevention systems (IPS) and other traffic inspection devices. Since the first discovery of this new category of network security threats, more than 145 AETs have been delivered to the Computer Emergency Response Team in Finland (CERT-FI), which has issued multiple advisories to vendors as part of its global vulnerability coordination efforts. Reaction from the vendor community to these advisories has been mixed.
Ted Julian, principal analyst at Yankee Group comments: “Today’s professional attackers are more sophisticated and focused than ever before. They go through great pains to avoid detection by legacy security solutions and processes. There is no quick fix, but progressive security professionals and security vendors constantly search for new techniques to improve defensive capabilities.”
Stonesoft has organized the following six tips to increase protection of critical data and system assets.
AETs differ from traditional evasions in many ways, and it is important to understand that they are not attacks in themselves but delivery methods that carry payloads to the vulnerable target without being detected by firewall and IPS devices. There is no bullet-proof solution, but you can minimize the risk of exploitation through multi-layer traffic normalization and the use of an intelligent security platform that can be continuously updated against AETs.
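The following is an added illustration of the normalization point above; it is not Stonesoft's code and does not model any specific AET. It shows, on a constructed TCP stream, why an inspection engine that matches signatures segment by segment can miss content that a reassembled (normalized) stream exposes, and why overlapping segments that disagree on the same byte should be flagged as ambiguous rather than silently resolved. The signature string, the sample request and the segment arrival order are all constructed for the example.

```python
"""Toy stream normalizer: reassemble TCP segments before signature matching.

Added example, not from the original article. Everything here (the
signature, the sample request, the segment boundaries and arrival order)
is constructed to show the difference between per-segment and normalized
inspection, and to flag overlap ambiguity instead of guessing a winner.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Segment:
    seq: int     # relative TCP sequence number of the first byte
    data: bytes  # segment payload


# Constructed stand-in for an IPS content signature.
SIGNATURE = b"EVIL-PAYLOAD"

# Constructed application-layer request carrying the signature.
STREAM = b"GET /?q=EVIL-PAYLOAD HTTP/1.0\r\n"

# Constructed arrival order: the signature straddles a segment boundary,
# the second half arrives first, and the first half is retransmitted once.
SAMPLE_SEGMENTS: List[Segment] = [
    Segment(13, STREAM[13:]),   # "PAYLOAD HTTP/1.0\r\n"
    Segment(0, STREAM[0:13]),   # "GET /?q=EVIL-"
    Segment(0, STREAM[0:13]),   # identical retransmission
]


def match_per_segment(segments: List[Segment]) -> bool:
    """Naive inspection: look at each segment payload in isolation."""
    return any(SIGNATURE in s.data for s in segments)


def reassemble(segments: List[Segment], policy: str = "first") -> bytes:
    """Normalize the stream: order bytes by sequence number and resolve
    overlaps by policy. 'first' keeps the byte seen first; 'last' lets a
    later segment overwrite. Reassembly stops at the first hole, so
    missing data is never papered over."""
    buf: Dict[int, int] = {}
    for s in segments:  # iterate in arrival order
        for i, b in enumerate(s.data):
            off = s.seq + i
            if policy == "first":
                buf.setdefault(off, b)
            elif policy == "last":
                buf[off] = b
            else:
                raise ValueError(f"unknown overlap policy: {policy}")
    out = bytearray()
    off = 0
    while off in buf:
        out.append(buf[off])
        off += 1
    return bytes(out)


def match_normalized(segments: List[Segment], policy: str = "first") -> bool:
    """Inspection after normalization: match on the reassembled stream."""
    return SIGNATURE in reassemble(segments, policy)


def ambiguous_overlaps(segments: List[Segment]) -> List[int]:
    """Return byte offsets where two segments carry different bytes for the
    same position. The inspection device and the end host may resolve such
    overlaps differently, so a normalizer should surface them as an alert
    condition rather than quietly pick one interpretation."""
    seen: Dict[int, int] = {}
    conflicts = set()
    for s in segments:
        for i, b in enumerate(s.data):
            off = s.seq + i
            if off in seen and seen[off] != b:
                conflicts.add(off)
            seen.setdefault(off, b)
    return sorted(conflicts)


def inspect_stream(segments: List[Segment]) -> dict:
    """Combined verdict a defender would want from a normalizing inspector."""
    return {
        "per_segment_hit": match_per_segment(segments),
        "normalized_hit": match_normalized(segments),
        "ambiguous_offsets": ambiguous_overlaps(segments),
    }


if __name__ == "__main__":
    print(inspect_stream(SAMPLE_SEGMENTS))
```

On the constructed sample, per-segment matching reports no hit while the normalized stream does; a stream with conflicting overlaps is reported with the offending offsets so that the ambiguity itself becomes an alert, which is the practical meaning of "multi-layer traffic normalization" in the tip above.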
Audit your critical infrastructure and analyze the most significant assets of your organization, how and where they are currently stored, and whether the information is backed up. Prioritize and make sure your critical assets and public services have the best possible protection against AETs.
When possible, patching vulnerable systems provides ultimate protection against network attacks, regardless of whether they were delivered using AETs. Evasions may help the attacker bypass an IPS or next generation firewall (NGFW), but the payload they carry cannot exploit a patched system. However, because patch testing and deployment take time even under the best circumstances, additional IPS and security measures must be taken.
Evaluate the capabilities of your existing IPS and NGFW to protect your network against AETs. How effective are they against evasions today? Do they enable you to react quickly to attacks or easily update against newly discovered threats? Be critical and proactive, and look for alternative options. Keep in mind that AETs have changed the security landscape permanently. If a security device is not capable of handling evasions, it is practically useless, no matter how good a block rate it has or how many certifications or awards it has won.
Centralized management plays a crucial role in protecting against AETs. It allows organizations to automate AET updates and schedule software upgrades remotely and effortlessly, thus making sure they always deploy the best possible protection against AETs.
Many security vendors know how to survive simulated and recorded evasions when these are well predefined and stable in a lab environment. However, when facing live and dynamic evasion-disguised exploits, these systems go blind and are incapable of protecting your data assets. If you really want to know the level of your current protection against AETs, field testing is required.