Saturday, February 19, 2011

New computer security threats found

SAN FRANCISCO, Feb. 14 (UPI) -- More than 100 advanced evasion techniques used by hackers have been discovered and researched by Stonesoft, a California network security company.

Stonesoft, which originally reported the discovery of the 23 AETs last October, will detail its findings at this week's RSA information security conference in San Francisco.

"It seems that those who claim to have 100 percent protection against advanced evasion techniques do not really understand the magnitude of the problem nor have they done enough research around the issue," said Joona Airamo, chief information security officer at Stonesoft. "The discoveries made so far are only the tip of the iceberg."

Stonesoft said that since the discovery of AETs was first reported and confirmed by ICSA Labs, it has continued extensive research in the area and discovered 124 new threats to computer network security.

Stonesoft said that while many vendors claimed to have "fixed" product vulnerabilities disclosed in initial industry advisories, real-life testing in Stonesoft's research lab confirms that AETs are still able to penetrate many of these systems without detection.

In other cases, microscopic changes to an AET -- such as changing byte size and segmentation offset -- allow it to bypass the product's detection capabilities.

While there is no single solution to eliminating the threat of AETs, organizations can mitigate the risks and lessen their vulnerability, Stonesoft said in a news release. One such way is making sure the security devices they use do a proper multi-layer normalization process, working on all relevant protocol layers for each connection.

Centralized management is also critical as it enables constant updates and upgrades to be made deep within a network's security architecture. Unfortunately, fingerprinting and signature-based matching -- typical security responses for the actual exploits -- don't work with the constantly evolving nature of AETs.
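The normalization point above, as an added Python example that is not part of the original article and is not Stonesoft's code: it compares signature matching on individual segments with matching on a reassembled stream. The `(offset, data)` segment model, the `EXAMPLE-SIGNATURE` marker, the sample payload and the first-writer-wins overlap policy are all assumptions made for illustration.

```python
SIGNATURE = b"EXAMPLE-SIGNATURE"  # constructed marker, not a real attack pattern
PAYLOAD = b"GET /index HTTP/1.1\r\nX-Test: " + SIGNATURE + b"\r\n\r\n"  # constructed

def split(payload, size):
    """Cut a payload into (offset, data) segments of at most `size` bytes."""
    return [(i, payload[i:i + size]) for i in range(0, len(payload), size)]

def per_segment_match(segments, signature=SIGNATURE):
    """Naive inspection: search each segment on its own, with no stream state."""
    return any(signature in data for _, data in segments)

def normalize_stream(segments):
    """Reassemble segments, in arrival order, into one contiguous byte stream.

    Overlaps are resolved first-writer-wins (an assumed policy); offsets where a
    later segment disagrees with accepted bytes are returned as conflicts.
    """
    accepted, conflicts = {}, []
    for offset, data in segments:
        for i, byte in enumerate(data):
            pos = offset + i
            if pos not in accepted:
                accepted[pos] = byte
            elif accepted[pos] != byte:
                conflicts.append(pos)
    stream = bytearray()
    while len(stream) in accepted:      # stop at the first gap
        stream.append(accepted[len(stream)])
    return bytes(stream), conflicts

def normalized_match(segments, signature=SIGNATURE):
    """Match against the reassembled stream; also report ambiguous overlaps."""
    stream, conflicts = normalize_stream(segments)
    return signature in stream, conflicts

if __name__ == "__main__":
    tiny = list(reversed(split(PAYLOAD, 5)))   # small segments, out of order
    tiny.append((30, b"zzz"))                  # overlapping, disagreeing resend
    print("per-segment:", per_segment_match(tiny))
    print("normalized: ", normalized_match(tiny))
```

The conflict list matters as much as the match: an overlap whose bytes disagree is ambiguous to the inspecting device, so a normalizer should surface it rather than silently pick one reading.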
