Advanced Evasion Technique Protection Advice

Stonesoft Networks: 19 August, 2011 (Technical Article)
Stonesoft offers companies six tips for protecting against the growing threat of Advanced Evasion Techniques (AETs).
When it comes to advanced evasion techniques, there isn't a security device on the market today that can guarantee 100 percent protection. Unlike with threats such as Stuxnet or Conficker, a simple device update doesn't fix the problem. The way AETs operate and the sheer number of possible evasion combinations make protection against them an uphill battle, and we're just starting the fight.

However, organisations can take steps to increase their protection against these threats. In fact, any organisation that fails to understand and lessen the risk of AETs is opening its network to known and unknown vulnerabilities. In an age of sophisticated cyber crime, many organisations, including government agencies and enterprises, risk serious repercussions for failing to ready their networks in the fight against AETs.

Organisations should follow the six tips listed below to increase their level of protection:

1. Increase your knowledge. AETs differ from traditional evasions in many ways, and it is important to understand that they are not attacks, but delivery methods that carry payloads to the vulnerable target without being detected by firewall and IPS devices. There is no bullet-proof solution, but you can minimise the risk of exploitation through multi-layer traffic normalisation and the use of an intelligent security platform that can be continuously updated against AETs.

2. Analyse the risks. Audit your critical infrastructure and analyse the most significant assets of your organisation, how and where they are currently stored, and whether the information is backed up. Prioritise, and make sure your critical assets and public services have the best possible protection against AETs.

3. Re-evaluate your patch management. When possible, patching vulnerable systems provides ultimate protection against network attacks, regardless of whether they have been delivered by AETs. Evasions may help the attacker bypass IPS or next generation firewalls (NGFW), but they cannot actually attack a patched system. However, because patch testing and deployment take time under even the best circumstances, additional IPS and security measures must be taken.

4. Re-evaluate your existing intrusion prevention solution. Evaluate the capabilities of your existing IPS and NGFW to protect your network against AETs. How effective are they against evasions today? Do they enable you to react quickly to attacks or easily update against newly discovered threats? Be critical and proactive, and look for alternative options. Keep in mind that AETs have changed the security landscape permanently. It is a fact that if a security device is not capable of handling evasions, it is practically useless, no matter how good its block rate is or how many certifications or awards it has won.

5. Deploy a centralised approach to network security device management. Centralised management plays a crucial role in protecting against AETs. It allows organisations to automate AET updates and schedule software upgrades remotely and effortlessly, thus making sure they always deploy the best possible protection against AETs.

6. Test the anti-evasion capabilities of your security devices in a “real” environment by using your own policies and configurations. Many security vendors know how to survive simulated and recorded evasions when these are well predefined and stable in a lab environment. However, when facing live and dynamic evasion-disguised exploits, these systems go blind and are incapable of protecting your data assets. If you really want to know the level of your current protection against AETs, field testing is required.
   © 2012 ProSecurityZone.com