By Maximilian Clarke
“Almost all computer networks are at risk because businesses have a cavalier attitude to security” warns Rob Smith, Chief Operating Officer of Intergence Systems, as his company demonstrates how vulnerable firewalls are to attack.
Intergence’ network security partner, Stonesoft, has recently introduced 163 new Advanced Evasion Techniques (AET), a new species of evasion techniques, which can bypass 99% of existing security systems without being detected. The new samples include AETs over a number of various protocols, including IPv4, IPv6, TCP and HTTP. A practically unlimited number of combinations can be run simultaneously on several protocol layers.
Evasion techniques are a way of disguising and/or modifying cyber attacks to avoid detection and blocking by information security systems.
“These evasions are a real eye-opener and highlight how many businesses still have a fairly cavalier attitude to security,” said Rob Smith, Chief Operating Officer at Intergence. “A combination of various dynamic modified attacks used together can evade even the most powerful of security detection devices; stealth capabilities of AETs can be used with existing worms to deliver powerful attacks.”
The number of AETs has been growing exponentially year on year and Rob Smith recommends that businesses take the following actions to protect their networks:
•Always use an AET aware dynamic software security solution
•Always use continuous and automatic updates and patches
•Audit and assess their critical infrastructures and then aim to protect those critical assets
“Very few vendors have truly understood the magnitude of the problem, while some are struggling to provide some kind of protection. Most of the vendors who acknowledge the problem are incapable of building a working solution - instead, they are keeping themselves busy doing temporary and inflexible fixes. The rest just ignore the issue and do nothing,” added Ilkka Hiidenheimo, founder and Chief Executive Officer of Stonesoft.
Join us on