Top tips to protect against AET security threats published

As reported last October, Stonesoft claimed to have discovered a new packet-based attack methodology that it says can bypass all known network security technologies.

According to Ilkka Hiidenheimo, the CEO of the Scandinavian IT security company, conventional behaviour analysis technology does not work against the new packet-based attack vector.

These advanced evasion technique (AET) threats, he told Infosecurity at the time, significantly extend what is known today about evasion techniques and provide cybercriminals with a master key to access any vulnerable system such as ERP and CRM applications by bypassing conventional security defences.

"Even a multi-layered IT security technology does not solve the problem", he said, adding that cloud-based signature databases won't counter the new security threat either.

Now Stonesoft is saying that, unlike Conficker or Stuxnet, a simple IT security system update does not fix the problem, making the process of countering the problem something of an uphill battle.

The first recommendation that the vendor makes is that IT professionals need to increase their knowledge of the AET problem, noting that it is important to understand that AETs are not attacks, but delivery methods to carry payloads to the vulnerable target without being detected by firewall and IPS devices.

There is no bullet-proof solution, says Stonesoft, but you can minimise the risk of exploitation through multi-layer traffic normalisation and the use of an intelligent security platform that can be continuously updated against AETs.

The second recommendation the firm makes is that organisations should analyse the risks by auditing their critical infrastructure and then analysing the most significant assets of their organisation, including how and where they are currently stored, and whether the information is backed up.

Businesses, advises Stonesoft, should prioritise and make sure their critical assets and public services have the best possible protection against AETs.

The next step, the firm adds, is for organisations to re-evaluate their patch management and, where possible, understand that patching vulnerable systems provides ultimate protection against network attacks, regardless of whether they have been delivered by AETs.

Evasions, says the security vendor, may help the attacker bypass IPS or next generation firewalls, but they cannot actually attack a patched system. However, because patch testing and deployment take time under even the best circumstances, additional IPS and security measures must be taken.

IT security professionals should also re-evaluate their existing IPS and take a centralised approach to network security device management. Centralised management, says the firm, plays a crucial role in protecting against AETs, as it allows organisations to automate their AET updates and schedule software upgrades remotely, ensuring that they always deploy the best possible protection against AETs.

Finally, Stonesoft says that firms should test the anti-evasion capabilities of their security devices in a "real" environment by using their own policies and configurations.

Many security vendors, adds the firm, know how to survive simulated and recorded evasions when these are well predefined and stable in a lab environment.

However, when facing live and dynamic evasion-disguised exploits, these systems can go blind and are incapable of protecting your data assets. If you really want to know the level of your current protection against AETs, field testing is required, Stonesoft concludes.
