IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives infosectoday.com Book Proposal Guidelines IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives infosectoday.com Book Proposal Guidelines
Auerbach Publications

Home

IT Performance Improvement

Management

Security

Networking and Telecommunications

Software Engineering

Project Management

Database

Free Subscription to IT Today





Powered by VerticalResponse

 
Cyber Security Essentials
Adaptive Security Management Architecture
Security Strategy: From Requirements to Reality
Secure Java for Web Application Development
Managing an Information Security and Privacy Awareness and Training Program, Second Edition
Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World
Secure and Resilient Software Development

Stonesoft Releases Technical Paper on Advanced Evasion Techniques

Predictions Show Clear Linkage of IT Investments and Business Results Becoming an Imperative for IT Organizations

December 1, 2010 -- Stonesoft today announced the availability of a new technical paper on advanced evasion techniques entitled "New Methods and Combinatorics for Bypassing Intrusion Prevention Technologies." The technical paper is available here.

This paper is the first public release of technical details surrounding the company's discovery of AETs, which was announced in October. The paper details the current state of evasions and intrusion detection and protection within network security. It also discusses the previous research on evasions leading up to the discovery of AETs, and how AETs are poised to be a dangerous threat to cyber security moving forward.

Since their discovery, AETs have received much attention and debate in the network security industry. While some network security experts believe them to be a mere extension of traditional evasion techniques, others, including ICSA Labs, have validated their credibility as a new category of cyber threats. Stonesoft's technical paper aims to fully explain the mechanics and impact of AETs on network security as a whole.

Essentially, AETs allow cyber criminals and hackers to deliver any network security threat such as worms or viruses to vulnerable target systems without being detected by network security devices. Stonesoft has found that it is possible to evade many, if not all, commercially available commercial intrusion prevention systems (IPS) or other security devices; e.g., network firewalls. The national computer security incident response team CERT-FI has issued a vulnerability statement about advanced evasion techniques and continues to organize a global vulnerability coordination effort around the issue.

"At the time of this announcement, we are continuing to work with CERT-FI to disclose newly discovered AETs so the network security industry may collectively find a way to combat these threats. We will continue to release new research results and technical details within the boundaries of responsible disclosure," said Juha Kivikoski, chief operating officer at Stonesoft.

© Copyright 2010 Auerbach Publications