Six Tips for Protecting Critical Data Against Advanced Evasion Techniques


ATLANTA--(BUSINESS WIRE)-- To help organizations protect their networks against the threat of advanced evasion techniques (AETs), Stonesoft shares six tips for the protection of critical data assets and systems. Stonesoft, an innovative provider of integrated network security and business continuity solutions, announced the first discovery of AETs in fall 2010.

By challenging the rules of traditional evasion techniques and combining multiple evasions, AETs currently cannot be detected by existing network security systems, such as intrusion prevention systems (IPS) and other traffic inspection devices. Since the first discovery of this new category of network security threats, more than 145 AETs have been delivered to the Computer Emergency Response Team in Finland (CERT-FI), which has issued multiple advisories to vendors as part of its global vulnerability coordination efforts. Reaction from the vendor community to these advisories has been mixed.

Ted Julian, principal analyst at Yankee Group, comments: “Today’s professional attackers are more sophisticated and focused than ever before. They go through great pains to avoid detection by legacy security solutions and processes. There is no quick fix, but progressive security professionals and security vendors constantly search for new techniques to improve defensive capabilities.”

Organizations should follow the six tips listed below to increase their level of protection:

1. Increase your knowledge. AETs differ from traditional evasions in many ways, and it is important to understand that they are not attacks, but delivery methods to carry payloads to the vulnerable target without being detected by firewall and IPS devices. There is no bullet-proof solution, but you can minimize the risk of exploitation through multi-layer traffic normalization and the use of an intelligent security platform that can be continuously updated against AETs.

2. Analyze the risks. Audit your critical infrastructure and analyze the most significant assets of your organization, how and where they are currently stored, and whether the information is backed up. Prioritize and make sure your critical assets and public services have the best possible protection against AETs.

3. Re-evaluate your patch management. When possible, patching vulnerable systems provides ultimate protection against network attacks, regardless of whether they have been delivered by AETs. Evasions may help the attacker bypass IPS or next generation firewalls (NGFW), but they cannot actually attack a patched system. However, because patch testing and deployment take time under even the best circumstances, additional IPS and security measures must be taken.

4. Re-evaluate your existing intrusion prevention solution. Evaluate the capabilities of your existing IPS and NGFW to protect your network against AETs. How effective is it against evasions today? Does it enable you to react quickly to attacks or easily update against newly discovered threats? Be critical, proactive and look for alternative options. Keep in mind that AETs have changed the security landscape permanently. It is a fact that if a security device is not capable of handling evasions, it is practically useless - no matter how good a block rate it has or how many certifications or awards it has won.

5. Deploy a centralized approach to network security device management. Centralized management plays a crucial role in protecting against AETs. It allows organizations to automate AET updates and schedule software upgrades remotely and effortlessly, thus making sure they always deploy the best possible protection against AETs.

6. Test anti-evasion capabilities of your security devices in a “real” environment by using your own policies and configurations. Many security vendors know how to survive simulated and recorded evasions when these are well predefined and stable in a lab environment. However, when facing live and dynamic evasion-disguised exploits, these systems go blind and are incapable of protecting your data assets. If you really want to know the level of your current protection against AETs, field testing is required.

For information on how to protect against AETs, please visit www.antievasion.com or www.stonesoft.com.

About Stonesoft

Stonesoft Corporation (NASDAQ OMX: SFT1V) delivers proven, innovative solutions that simplify network security management for even the most complex network environments. The StoneGate Platform unifies management of entire networks—including StoneGate and third-party devices—blending integrated threat management, end-to-end high availability and network optimization into a centrally controlled system. As a result, Stonesoft provides the highest levels of proactive control, always-on connectivity and compliance at the lowest total cost of ownership (TCO) on the market today. Founded in 1990, the company is an established leader in network security innovation with corporate headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more information, visit www.stonesoft.com, www.antievasion.com and the corporate blog http://stoneblog.stonesoft.com.



CONTACT:

Stonesoft
Media Contact:
Hannah Bower, 404-371-3989
hannah@bower-communications.com

KEYWORDS:   United States  Europe  North America  Georgia  Finland

INDUSTRY KEYWORDS:   Technology  Networks  Security
