Security

Advanced Evasion Techniques wreaking havoc on network security

In the never-ending war against security breaches, attackers gaining the upper hand by unleashing zero day attacks, advanced persistent threats (APTs) and other rapidly evolving threats.

The nefarious types looking to compromise network security are getting craftier at their trade. Case in point is the rise of Advanced Evasion Techniques (AETs), which obfuscate malicious code by slicing and dicing it into bits and pieces that arrive by different paths. Ultimately, that code re-assembles on an endpoint, where it can wreak havoc.

The big problem with AETs is that they are very successful for the most part, evading the technologies deployed by Next Generation Fire-Walls (NGFWs) that are used to detect malware. What's more, AETs are often the first shot fired in a battle that supports the spread of APTs, which ultimately target intellectual property and financial resources. In other words, AETs enable drive by attacks that can go unnoticed until long after the damage is done.

Defending against AETs is no simple task and the obfuscation techniques employed are sophisticated enough to bypass the detection capabilities of many firewalls. So the first question that comes to mind becomes "how can I tell if my firewall can withstand an AET attack."

Test for AET resistance

Security vendor McAfee (now a part of Intel Security) is offering a free tool that tests for AET resistance. The company said most firewalls are only capable of blocking less than 10% of known AETs and the majority of malicious code delivered using AETs slips by unnoticed.

The free tool, referred to as Evader, allows administrators to build numerous test scenarios that simulate AETs and then see how those attacks can bypass a firewall. Naturally, Evader is designed to help McAfee sell their NGFWs and demonstrates that the company's own NGFWs are resistant to AETs.

Nevertheless, Evader proves to be a powerful tool for educating security administrators about the danger of AETs and what they need to know to block those threats. Simply put, Evader should be part of any security administrators bandoleer of security testing products and it comes with a price that is always agreeable - free.

About

Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MC...

1 comments
pgit
pgit

The information they require up front is quite intense. I am independent contractor but only want to test this on one client's system I doubt they will let me provide that much information.

They're obviously going for much bigger fish than me!

Editor's Picks