120-plus new advanced evasion techniques disclosed to CERT

According to the Scandinavian IT security specialist, since it discovered AETs last October, its research team has continued to investigate the problem in the wild.

Stonesoft claims that, whilst many vendors claimed to have 'fixed' the product vulnerabilities disclosed in CERT's initial advisories of last Autumn, many of them are still able to bypass these security systems without detection.

In other cases, says the firm, simple microscopic changes to an AET – such as changing the byte size and segmentation offset – allow the attacks to bypass the product's detection capabilities.

This, says the IT security vendor, demonstrates that most vendors are only providing temporary and inflexible fixes to the growing AET concern, rather than researching and solving the fundamental architecture issues that give rise to these vulnerabilities.

Joona Airimo, Stonesoft’s CISO, said that it seems that those vendors who claim to have 100% protection against advanced evasion techniques do not really understand the magnitude of the problem – nor have they done enough research around the issue.

"The discoveries made so far are only the tip of the iceberg", he explained.

Bob Walder, the Gartner research director who discussed AETs at length in his November 2010 report – Advanced Evasion Techniques (AET): Weapon of Mass Destruction or Absolute Dud – said that AETs are not new, yet still present a credible threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide.

"Recent research has, thankfully, forced this issue once again into the spotlight, and network security vendors need to devote the research and resources to finding a solution", he said.
