APT vs. AET: Knowing the Difference and Mitigating the Threat

By Ken Kartsen on Jul 23, 2014

The security world, like many specialty fields, is full of acronyms. Those of us in the business know a SIEM from an IPS from an NGFW, and we’re happy to explain the difference to customers, many of whom know exactly what we’re talking about. There’s one pair of acronyms, though, that still causes confusion: APTs and AETs. Advanced Persistent Threats (APTs) are well known; Advanced Evasion Techniques (AETs), much less so. What you don’t know about the latter can still cost you a breach.

Attackers use AETs to get past network security controls and deliver the early stages of an APT, using the former as a “master key” to a seemingly locked-down network. An AET disguises an attack by splitting its payload into smaller pieces (for example by IP fragmentation or TCP segmentation), sending them out of order or with overlapping ranges, encoding them, or spreading them across several, sometimes rarely inspected, protocol layers. Each piece looks innocuous to an inspection device that examines it in isolation, yet the target host’s own protocol stack reassembles the pieces exactly as the attacker intends, so the complete exploit or malware arrives intact and the APT proceeds.

APTs are targeted attacks that require a high level of planning and stealth over a prolonged campaign. They can go undetected for weeks or even months while quietly siphoning data out of an organization. AETs supply the evasion, such as fragmentation, that lets attackers bypass security controls on the way in. An AET is not an attack by itself; it is the means of concealing the larger APT it delivers.

A study by Vanson Bourne that McAfee commissioned earlier this year surveyed 800 CIOs and security managers from the US, UK, France, Australia, Brazil and South Africa. Most respondents did not fully understand AETs and therefore lacked the technology to mitigate them. As long as cyber-criminals understand AETs better than the security experts tasked with blocking them, data breaches will continue at an alarming rate.

What makes AETs so dangerous is that they give the attacker a way into the network that its defenses never see: the “master key” capability described above. Most network security products on the market analyze one protocol layer at a time and inspect each packet or segment individually, so they cannot stop evasions. Matching a known malicious pattern inside a single packet is easy; detecting AETs requires reassembling and normalizing the traffic across the full protocol stack, layer by layer, so that the inspector ends up looking at the same byte stream the target host will act on. That is a far more involved process.

The good news is that this can be done. McAfee’s Next Generation Firewall (NGFW) is built to detect and block AETs before the payload they carry reaches your hosts. By decoding and normalizing traffic for the protocols at every layer, NGFW addresses the root of the AET problem: an evasion’s invisibility to single-layer, single-segment inspection. Kept current with new evasion patterns, this layer of defense is crucial to preventing AETs from slipping through the network and enabling an APT.

Understanding the critical role AETs play in attacks is imperative to ensuring that network security measures are effective. The longer we debate the different meanings of AET vs. APT, the longer agencies, enterprises and sensitive data will be exposed to high risk. It’s high time to add a working definition of AETs to our acronym lexicon – and a way to stop them to our tool set.


About the Author

Ken Kartsen

Ken Kartsen is Senior Vice President of Public Sector for McAfee. In this position he oversees business development for the public sector. Kartsen has been responsible for public sector sales at leading technology companies for over 17 years, primarily in the security industry. His prior experience includes positions with Palo Alto Networks, IBM and NetSec. ...
