Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Free AET Threat Assessment Tool

Stonesoft Networks : 24 July, 2012  (New Product)
Evader has been released by Stonesoft free of charge to enable companies to evaluate their networks' ability to detect Advanced Evasion Technique threats
Free AET Threat Assessment Tool
Stonesoft has released Evader, a free software-testing tool that organisations can use to assess their ability to detect and prevent cyber security threats carried by Advanced Evasion Techniques (AETs). Evader launches sets of AETs against next generation firewall (NGFW), Intrusion Prevention System (IPS) and Unified Threat Management (UTM) products and helps organisations establish the threat AETs pose to their network and business-critical digital assets.

Ilkka Hiidenheimo, founder and CEO of Stonesoft said: “The recent spate of cyber-attacks against major organisations has demonstrated that, despite vendors promising 100% protection against AETs, hackers are still finding ways to bypass network security appliances. This exposes fundamental design flaws in network security products and AETs take advantage of this. Releasing Evader is the next step in our understanding of and ability to counter this growing threat and, for the first time, it allows organisations to test their own defenses.”

AETs are used to attack networks by combining several known evasion methodologies to create new and dynamically changing techniques that can be delivered over several layers of a network simultaneously. This allows attackers to successfully deliver any known exploit, malicious payload or code to a target host without detection. AET disguised exploits look like normal traffic to security products, allowing them to travel inside networks without leaving traces.

“Network security vendors have ignored the problem posed by AETs for a number of years,” said Andrew Blyth, professor at Glamorgan University and an AET expert. “Stonesoft’s Evader test tool makes securing against AETs accessible for organisations of all sizes. Hopefully, this will encourage the whole network security industry to come together and seriously research AETs and their ongoing threat.”

Evader ensures that corporations and government agencies do not have to rely on third-party testing and vendor´s guarantees to understand if their security solutions can withstand AET attacks. As an easy test, it gives users the ability to assess anti-evasion readiness with their own configurations and security policies.

Evader is a ready-made test lab including a set of AETs. Evader includes dynamic AET samples that has went through the Computer Emergency Response Team (CERT) vulnerability coordination process that began two years ago. It can run manual or automatic combinations of AETs to hide well-known MSRPC- (vulnerability from 2008) and HTTP-(2004) exploits and deliver them through the tested network’s security devices to a vulnerable target host image. The essence of Evader is to provide hard facts about AET readiness of security devices, to support decision making and increase the level of protection against them.

“In our view vendors have not taken AETs seriously enough and organizations are paying the price through data breaches that put companies, federal agencies, and customers at risk” said Ilkka Hiidenheimo, founder and CEO of Stonesoft. “Customers and the whole security community has been asking us to provide deeper knowledge about AETs and demanding products that test for AETs, we’re answering that need with Evader. By providing the tool for free, we’re giving organizations the same level of knowledge that today’s sophisticated hackers have and the ability to test their own environments.”

Stonesoft is demonstrating Evader in Las Vegas during the annual Black Hat event, July 21-26, 2012. During the demonstration, Stonesoft will test the leading security products for their ability to protect against AETs, including HP/ Tipping Point, Cisco, Palo Alto Networks and Juniper.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo