Security firm Stonesoft has released an Advanced Evasion Technique (AET) defence system and testing tool in quick succession.
Stonesoft describes AETs as a new generation of hacking techniques that enable malware, viruses, worms and other security threats to bypass next-generation firewalls and intrusion prevention systems (IPS).
AETs are used to attack networks by combining several known evasion methodologies to create new and dynamically changing techniques that can be delivered over several layers of a network simultaneously.
In February 2011, Stonesoft announced the discovery of 124 new advanced evasion techniques since the first group of 23 were reported in October 2010.
The security firm claims that the AET cyber threats can bypass most network security systems and next-generation firewall products.
Free version of Evader AET testing tool
To prove that claim, the firm has released a free version of its testing tool, called Evader, for organisations to run confidential and controlled tests against their own networks using real AETs.
Evader launches sets of AETs against next-generation firewall (NGFW), intrusion prevention system (IPS) and unified threat management (UTM) products to help organisations establish the threat AETs pose to their network and business-critical digital assets.
Stonesoft has announced the availability of its Evasion Prevention System (EPS), which it says has been tested against 800 million AET combinations.
The Stonesoft EPS plugs into the network and runs alongside existing intrusion prevention and next-generation firewall devices to provide protection against AETs.
The EPS has also been incorporated into Stonesoft’s own IPS, next-generation firewall products and security engine.
"The recent spate of cyber attacks against major organisations runs alongside growing evidence of the malicious use of AETs in the wild," said Ilkka Hiidenheimo, chief executive of Stonesoft.
"It is highly unlikely that this is a simple coincidence."
Hackers bypass network security
The attacks, Hiidenheimo said, demonstrate that, despite security suppliers promising 100% protection against AETs, hackers are still finding ways to bypass network security appliances.
"Network security vendors have patched for AETs where they can, but for every hole patched ten more appear," said Hiidenheimo.
"Protecting against AETs requires a new kind of security device that can work alongside firewalls and IPS systems to normalise data and analyse it on multiple protocol levels."
Network security vendors have ignored the problem posed by AETs for a number of years, according to Andrew Blyth at Glamorgan University, an AET expert.
“Stonesoft’s Evader test tool makes securing against AETs accessible for organisations of all sizes,” Blyth said.
"Hopefully, this will encourage the whole network security industry to come together and seriously research AETs and their ongoing threat."
Test your security supplier's guarantees
Evader ensures corporations and government agencies do not have to rely on third-party testing and suppliers' guarantees to understand if their security solutions can withstand AET attacks.
The standalone test tool gives organisations the ability to assess anti-evasion readiness with their own configurations and security policies, without any third-party involvement.
Organisations can then take the test results to their security suppliers and ask why AETs are bypassing their defences almost two years after AETs were discovered and information about the vulnerability shared through the international network of Computer Emergency Response Teams (CERTs), said Ash Patel, Stonesoft country manager, UK & Ireland.
Through this process, every security supplier was given the opportunity to fix the problem. After the vulnerability was published, a number of suppliers claimed they had updated their products to defend against AET.
Evader is an education tool that is safe to use and gives organisations an opportunity to test suppliers' claims about AET defences, said Patel.
Stonesoft will check that only legitimate organisations download the tool, but even if it were to fall into the wrong hands, Evader cannot be modified to import new attack vectors to be used as a hacking tool, Patel told Computer Weekly.
"It is important for the user community to know if they are vulnerable or not, and have the means to question what their security suppliers are telling them," said Patel.