Stonesoft Introduces New Anti-Evasion Readiness Test Tool and Service

Recent severe security breaches highlight the importance of network security

Stonesoft Press Release, Helsinki, Finland — June 1, 2011 — Stonesoft today announced the debut of the world’s first Anti-Evasion Readiness Test™ service. This service tests how well an organization’s critical digital assets are protected against advanced evasion techniques (AETs). The service will be provided by selected, independent IT service organizations around the world.

The Anti-Evasion Readiness Test service leverages the StoneGate evasion testing software developed by Stonesoft Labs to test, assess and report security devices’ capabilities to protect against advanced evasion techniques (AETs). AETs are a means to disguise and/or to modify network attacks to avoid detection and blocking by the network security systems. In practice, evasions enable advanced cyber criminals to deliver any malicious content, exploits or attacks to a vulnerable system without leaving a trace. Based on latest knowledge and research, AETs can bypass the majority of the existing security devices.

The service has been developed to meet the needs of organizations relying on network security devices like Next Generation Firewalls and Intrusion Prevention Systems with deep packet inspection. These devices protect mission critical computer networks, sensitive data assets, critical systems such as CRM and ERP, and SCADA networks. These systems are attractive targets for cyber criminals and AETs offer an effective way of executing successful attacks. For many organizations, securing these areas is crucial for meeting compliance and audit requirements.

“The recent security breaches highlight the growing importance of network security. The first step to mitigating risks is to improve your understanding and awareness about the level of existing network security. The worst thing is to have a false perception of being safe or being dependent on vendor claims only. The Anti-Evasion Readiness Test Service provides organizations with an independent, realistic and definitive answer to the question of how well their network security devices protect against advanced evasion techniques,” said Klaus Majewski, Director of Business Development at Stonesoft Corporation.

The Anti-Evasion Readiness Test service will be offered by vendor independent, qualified IT service providers around the world. The availability of the service is expected to spread fast as major providers take it as part of their portfolio.

“There is a strong demand from our customers for this kind of a service. Today, there are a lot of claims and hearsay around the threat posed by evasions, and customers need clear facts. Understanding how effective or ineffective an organization’s security devices are against AETs is an important part of IT risk management. The service is a valuable component of security audits, the product evaluation process or the re-configuration of current devices to add AET protection. The test service will help organizations optimize their security strategy”, adds Majewski.

The StoneGate evasion testing tool is the most comprehensive evasion testing software on the market today, including also the most recent evasion techniques discovered by Stonesoft, which have been reported to the vendor community through the CERT coordination process. What distinguishes the Anti-Evasion Readiness Test service from the existing lab and vendor device testing methods is that the tests are conducted using the organizations’ own security devices and configurations as they are running in production environment.

As an end result of the service, customers will get a comprehensive test report about evasion detection and block rates on different protocol levels. The test report also includes practical recommendations and risk mitigation advice. The test does not require any in house expertise or investments in the testing tools.

Read more about the Anti-Evasion Readiness Test service at and