
Anti evasion and evader - klaus majewski



Page 1

Page 2

Contents

Summary – the Evader story

AETs – what are they?

AETs – what the experts say

Current security devices fail on AETs

The risk from AETs

Evader – what is it?

Evader – who is it for?

Evader – how does it work?

What if you are not AET-ready?

AET-ready solutions

Page 3

The Evader story

Stonesoft has been researching advanced evasions since 2007. In the early days, Stonesoft found that all security products, including Stonesoft’s own, failed to detect AET-borne cyber attacks. Stonesoft created anti-evasion technology, including full-stack, multilayer normalization and stream-based data inspection and detection, to protect organizations from AETs.

Stonesoft has been regularly reporting AETs to CERT since 2010. Stonesoft’s lab tests about two million evasion combinations every day. Published tests and competitor products claim 100% protection, but they only test for exploit fingerprints – and AET detection cannot simply be patched in by a software update. Stonesoft runs regular open tests (e.g. at Black Hat) to demonstrate that well-known vendors’ products fail to defend against AETs.

But vendors and published appliance tests still claim 100% threat protection! Now Evader – the ready-made evasion test lab – is available for free. Any organization can use Evader to test its own security against AETs under real-world conditions – and find out the truth.

Page 4

Advanced Evasion Techniques

What are AETs and why do they exist?

Page 5

Advanced Evasion Techniques (AETs)

o What are they?
  o Any hacking technique/method used to implement network-based attacks in order to evade and bypass security detection

o What makes them advanced?
  o Combinations of evasions working simultaneously on multiple protocol layers
  o Combinations of evasions that can change during the attack
  o Carefully designed to evade inspection

Page 6

The AET threat – 5 facts we know about

1) Increasing threat research, testing and understanding by the security community

2) Used by nation states and advanced cyber criminals in targeted and persistent cyber attacks

3) Enables the recycling of any exploit (known or unknown)

4) The majority of current security devices are incapable of detecting and stopping AETs

5) They leave no trace. This creates the illusion of security

Should we do something?

Page 7

Meanwhile, other network security vendors have kept radio silence!

“Advanced Evasion Techniques can evade many network security systems. We were able to validate Stonesoft’s research and believe that these Advanced Evasion Techniques can result in lost corporate assets with potentially serious consequences for breached organizations.”

– Jack Walsh, Program Manager

“If the network security system misses any type of evasion it means a hacker can use an entire class of exploits to circumvent security products, rendering them virtually useless. Advanced Evasion Techniques increase the potential of evasion success against the IPS, which creates a serious concern for today’s networks.”

– Rick Moy, President

“Recent research indicates that Advanced Evasion Techniques are a real and credible – not to mention growing – threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide. Network security vendors need to devote the research and resources to finding a solution.”

– Bob Walder, Research Director

“We believe AETs pose a serious threat to network security and have already seen evidence of hackers using them in the wild. It is also very promising to see that Stonesoft is taking the threat posed by evasions seriously as they have been overlooked by many in the past.”

– Andrew Blyth, Professor of Glamorgan University

For the record

Page 8

Vertical inspection of the data traffic: packet, segment or pseudo-packet based inspection process

Layers (bottom to top): Data traffic → IP level (packets) → TCP level (segments, pseudo packets) → Application protocol layers (streams)

1) Partial or no evasion removal: the majority of the traffic is left without evasion removal and is inspected with limited context information available.

2) Limited protocol decoding and inspection capability, to gain speed.

3) Detect and block exploits: exploit detection is unreliable or impossible when evasions are not removed on all layers.

Maximum inspection space

Page 9

Horizontal, data-stream-based, full-stack normalization and inspection process

Layers (bottom to top): Data traffic → IP level (packets) → TCP level (segments, pseudo packets) → Application protocol level (streams)

1) Normalize traffic on all protocol layers as a continuous process.

2) The advanced evasion removal process makes the traffic evasion-free and exploits detectable.

3) Detect exploits from the fully evasion-free data stream.

4) Alert and report evasion attacks through the management system.

…Continuous inspection space…
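As an added illustration of the difference between the two inspection models on slides 8 and 9 (example code written for this page, not Stonesoft's or any vendor's engine): a detection pattern spread across three out-of-order TCP segments is invisible to per-segment matching, but is found once the stream has been reassembled first. The segment layout, the placeholder signature and the first-seen overlap policy are all constructed assumptions.

```python
# Added example (not from the original deck): per-segment inspection versus
# stream-level normalization before inspection.
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    seq: int          # sequence number relative to the start of the stream
    payload: bytes

# Constructed placeholder standing in for a real exploit fingerprint.
SIGNATURE = b"SIG-TEST-PATTERN"

# Constructed sample: the pattern is spread over three segments and the last
# piece arrives before the middle one. No single segment holds the whole pattern.
SEGMENTS = [
    Segment(0, b"HELLO SIG-"),
    Segment(17, b"TTERN END"),   # delivered out of order
    Segment(10, b"TEST-PA"),
]

def reassemble(segments):
    """Rebuild the byte stream from TCP-style segments.

    Overlap policy (an assumption of this example): the first byte seen at an
    offset is kept. Real TCP stacks resolve overlaps differently, which is the
    kind of ambiguity a normalizer must remove instead of guessing at.
    Returns (contiguous bytes from offset 0 up to the first gap, complete?).
    """
    seen = {}                                  # offset -> byte value
    for seg in segments:                       # arrival order drives the policy
        for i, b in enumerate(seg.payload):
            seen.setdefault(seg.seq + i, b)
    out = bytearray()
    while len(out) in seen:                    # walk forward until a hole appears
        out.append(seen[len(out)])
    return bytes(out), len(out) == len(seen)

def match_per_segment(segments, signature=SIGNATURE):
    """Vertical, packet/segment-based inspection: each unit checked in isolation."""
    return any(signature in seg.payload for seg in segments)

def match_reassembled(segments, signature=SIGNATURE):
    """Horizontal, stream-based inspection: normalize first, then detect."""
    stream, _complete = reassemble(segments)
    return signature in stream

if __name__ == "__main__":
    print("per-segment match:", match_per_segment(SEGMENTS))   # False
    print("stream match     :", match_reassembled(SEGMENTS))   # True
```

The gap and overlap cases handled by `reassemble` show why the second model needs the full stream context: a missing segment leaves the result marked incomplete rather than silently matched or skipped.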

Page 10

There is a difference! Stonesoft vs. other vendors

Page 11

Consider the risk

1) Vulnerability to AETs makes an easy target for sophisticated hackers

2) The cost of being hacked is always higher than protection (the business case)

3) The cost of network breach can include loss of brand value, reputation, business relationships, as well as financial loss

4) You can be totally unaware of successful AET-borne attacks

5) And, sorry to say this, but as we speak you are probably vulnerable*

*Current NGFW/IPS/IDS technologies are ineffective against Advanced Evasion Techniques because of a fundamental design flaw

Page 12

“There are two types of CISO, those that have been attacked, and those who don’t know they’ve been attacked”

Page 13

TEST WITH EVADER

How do you know if you are protected from AETs?

Page 14

Launch controlled AET attacks at your own defenses

The world’s first downloadable software-based AET testing environment

Not a hacking tool or penetration test – Evader tests whether a known exploit can be delivered using AETs through your current security devices to a target host

Designed to test NGFW, IPS and UTM network security appliances from McAfee, SourceFire, Checkpoint, HP/Tipping Point, Cisco, Palo Alto Networks, Juniper, Fortinet, Stonesoft and many more

Free to download, easy to run, and even a little fun to use!

Page 15

Evader benefits security specialists and C-level

Information security professionals – discover the real-world truth behind device capabilities

CIOs – re-assess risk strategy and consider network resilience as a component of the corporate – and operational – risk profile

CEOs and COOs – take into account the effects of security breaches on brand, reputation and business relationships, as well as profits

Researchers, academics, commentators and competitors – help save businesses from devastating AET attacks

And hackers can learn that the security industry has the tools to fight back against the most advanced threats

Page 16

Evader – for all organizations that are potential targets for cyber attacks

Governments and defense

SCADA and ICS networks

All organizations with digital assets

Finance and banking

Telecoms and media

Transport and logistics

Page 17

When to test with Evader

Page 18

What next if you are not protected?

ATTACK SUCCEEDED: OPEN SHELL

Page 19

Let’s end the industry’s illusion of security

Ask your vendor why you are not safe from AETs

Ask your vendor when they will be AET-ready

While-U-wait, get protected NOW with the Stonesoft EPS

Stonesoft’s own tests with other vendors’ current NGFW, IPS and UTM devices – following full-device configuration – have had very poor results. Unfortunately you can expect the same.

Page 20

Page 21

The Stonesoft EPS as an “Infrastructure Patch”

EPS

Page 22

All Stonesoft solutions detect and prevent AET cyber attacks

Stonesoft Security Engine

Fully integrated, adaptive, high manageability, world-leading network security – respond to business and environment changes without taking CAPEX or OPEX hits.

Transformable to any next generation security product without license changes.

Flexible and fully featured – choose from SMB to military-grade protection.

Free future updates, upgrades and performance improvements. Full AET protection.

Stonesoft IPS

High performance Next Gen IPS, upgradable to the full Security Engine via license upgrade.

Free updates. Full AET protection.

Stonesoft EPS

Cost-effective AET “infrastructure patch”, upgradable to the full Security Engine or Next Gen IPS via license upgrades

Free updates. Full AET protection.

Page 23

A Stonesoft Innovation

evader.stonesoft.com