Advanced Evasion Techniques Bypass Current Network Security Systems
Stonesoft Press Release, Helsinki, Finland — October 18, 2010 — Stonesoft, an innovative provider of integrated network security and business continuity solutions, today announced the discovery of new, advanced evasion techniques (AET) that can pose a serious threat to existing network security systems worldwide. These AET threats significantly extend what is known today about evasion techniques. The details of this discovery have been shared with CERT-FI in Finland for vulnerability coordination purposes and validated by ICSA Labs.
Essentially, AETs provide today’s cyber-criminals with a master key to access any vulnerable system such as ERP and CRM applications by bypassing today’s network security systems. As a result, companies may suffer a significant data breach including the loss of confidential corporate information. Additionally, these types of AETs could be used by organized crime and cyber terrorists to conduct illegal and potentially damaging activities.
Stonesoft made the discovery in its research labs in Helsinki, reported it, and sent samples of AETs to the national computer security incident response team CERT-FI as well as to ICSA Labs, an independent division of Verizon Business that offers third-party testing and certification of security products and network-connected devices. Charged with globally coordinating the remediation of the identified vulnerabilities with network security vendors, CERT-FI issued a vulnerability statement about advanced evasion techniques on October 4, and also plans to update it today (Oct. 18).
"The issues identified by Stonesoft affect a range of content inspection technology. Continuous co-operation among CERT-FI, Stonesoft and other network security vendors is essential for remediating the identified vulnerabilities. CERT-FI strives to facilitate this process," said Jussi Eronen, Head of Vulnerability Coordination at CERT-FI.
“We have reason to believe that we have seen just the tip of the iceberg,” said Juha Kivikoski, Chief Operating Officer at Stonesoft. “The dynamic and undetectable nature of these advanced evasion techniques has the potential to directly affect the network security landscape. The industry is facing a non-stop race against this type of advanced threats and we believe only dynamic solutions can address this vulnerability.”
“Stonesoft has discovered new ways AETs can evade many network security systems,” said Jack Walsh, intrusion detection and prevention program manager at ICSA Labs. “We were able to validate Stonesoft’s research and believe that these advanced evasion techniques can result in lost corporate assets with potentially serious consequences for breached organizations.”
AETs in the Wild
Stonesoft experts discovered the new threats while testing their own StoneGate network security solution with the latest and most advanced attacks. Field tests and experimental data show that many existing network security solutions fail to detect AETs and thus fail to block the attack hidden inside them.
Stonesoft cautions that hackers across the globe may already be using AETs in advanced, targeted attacks. With only a select few products available to provide protection, organizations may be challenged to protect their systems quickly.
Best Defense Against AETs
The best defense against the dynamic and ever-evolving nature of AETs is delivered through flexible, software-based security systems with remote update and centralized management capabilities, such as the Stonesoft StoneGate network security solution. These types of systems offer an unbeatable advantage against new dynamic threats such as AETs.
However, most organizations today use static hardware-based solutions, which can be difficult or even impossible to update against rapidly evolving and dynamic threats.
For more information on advanced evasion techniques and to join the discussion on how the network security industry can combat them, please visit www.antievasion.com and follow the topic on Twitter at http://twitter.com/anti_evasion. For more information on Stonesoft’s StoneGate network security solutions, please visit www.stonesoft.com.
ICSA Labs Media Contact:
Brianna Carroll Boyle, Public Relations Manager, Verizon and ICSA Labs
CERT-FI Vulnerability Coordination can be contacted as follows:
Email: firstname.lastname@example.org. Please quote the advisory reference [FICORA #385726] in the subject line.
Telephone: +358 9 6966 510, Monday - Friday 08:00 - 16:15 (EET: UTC+2)
Fax: +358 9 6966 515
Post: Vulnerability Coordination, FICORA/CERT-FI, P.O. Box 313, FI-00181 Helsinki FINLAND
CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.cert.fi/en/activities/contact/pgp-keys.html.
The CERT-FI vulnerability coordination policy can be viewed at https://www.cert.fi/en/activities/Vulncoord/vulncoord-policy.html.