The nefarious types looking to compromise network security are getting craftier at their trade. Case in point is the rise of Advanced Evasion Techniques (AETs), which obfuscate malicious code by slicing and dicing it into bits and pieces that arrive by different paths. Ultimately, that code re-assembles on an endpoint, where it can wreak havoc.
The big problem with AETs is that they are very successful for the most part, evading the technologies deployed by Next Generation Fire-Walls (NGFWs) that are used to detect malware. What’s more, AETs are often the first shot fired in a battle that supports the spread of APTs, which ultimately target intellectual property and financial resources. In other words, AETs enable drive by attacks that can go unnoticed until long after the damage is done.
Defending against AETs is no simple task and the obfuscation techniques employed are sophisticated enough to bypass the detection capabilities of many firewalls. So the first question that comes to mind becomes “how can I tell if my firewall can withstand an AET attack.”
Test for AET resistance
Security vendor McAfee (now a part of Intel Security) is offering a free tool that tests for AET resistance. The company said most firewalls are only capable of blocking less than 10% of known AETs and the majority of malicious code delivered using AETs slips by unnoticed.
The free tool, referred to as Evader, allows administrators to build numerous test scenarios that simulate AETs and then see how those attacks can bypass a firewall. Naturally, Evader is designed to help McAfee sell their NGFWs and demonstrates that the company’s own NGFWs are resistant to AETs.
Nevertheless, Evader proves to be a powerful tool for educating security administrators about the danger of AETs and what they need to know to block those threats. Simply put, Evader should be part of any security administrators bandoleer of security testing products and it comes with a price that is always agreeable – free.