McAfee Report Details Myths and Realities of Advanced Evasion Techniques (AETs)

By Peter Bernstein March 31, 2014

If you do not know about Advanced Evasion Techniques (AETs) and the role they play in Advanced Persistent Threats (APTs), you should. Unfortunately, as a new report by security solutions provider McAfee (a division of Intel Security) highlights, these bad boys are highly prevalent, and there should be a sense of urgency about learning the myths and realities of AETs and sounding the alarm to raise your defenses.

So what is an AET?

The best place to get a level set is in understanding what AETs are. As McAfee notes, AETs are methods of disguise used to penetrate target networks undetected and deliver malicious payloads. AETs were discovered in 2010. Using them, an attacker can split an exploit into pieces, bypass a firewall or IPS appliance, and, once inside the network, reassemble the code to unleash malware and continue an APT attack.

The problem is that they are hard to detect. And, as the name implies, the destruction created by the attacks they help launch is advanced and persistent. Worse, as the research found, at the moment AETs are under-reported and not well understood. In fact, despite testing, McAfee notes that in some paid tests vendors are given the chance to correct for AETs. What this means, according to McAfee, is that, “Only the specific techniques identified are corrected for, and not the broader techniques that are rapidly updated and adapted by criminal organizations.”

Disturbing findings concerning AETs 

The new report, "The Security Industry's Dirty Little Secret: The debate over advanced evasion techniques (AETs)" (2014), commissioned by McAfee and conducted by Vanson Bourne, surveyed 800 CIOs and security managers from the United States, United Kingdom, Germany, France, Australia, Brazil and South Africa. It showed that there are misunderstandings, misinterpretation and ineffective safeguards in use by the security experts charged with protecting sensitive data.

Source: The Security Industry's Dirty Little Secret: The debate over advanced evasion techniques (AETs)

As the infographic shows, there is plenty to be concerned about:

  • 22 percent of respondents acknowledged they had challenges detecting AETs, admitting their network was breached in the past 12 months.
  • Nearly 40 percent of those breached believe that AETs played a key role.
  • On average, those who experienced a breach in the last 12 months reported a cost to their organization of upwards of $1 million.

Plus, as the report points out, the bad guys have become very sophisticated in evading early detection. 

“We are no longer dealing with the random drive-by scanner that is just looking for obvious entryways into your network. In today's interconnected world, we are dealing with adversaries who spend weeks or months studying your public facing network footprint, looking for that one small sliver of light which will allow them to gain a foothold into your networks,” said John Masserini, vice president and chief security officer, MIAX Options. “Advanced Evasion Techniques are that sliver of light.”

He went on to note that, “McAfee’s Next Generation Firewall technology adds an extra layer of depth to protect against such threats, making that sliver of light that much harder to find.” In fact, McAfee is providing a free version of McAfee Evader, a tool that assesses how well your existing network security devices stand up against AETs. It allows you to launch controlled AET-borne attacks against your systems, and then modify evasions and combinations of attacks to see if the AET can get through.

AETs are everywhere

As the infographic also depicts, there are other disconcerting findings from the survey that should serve as a call to action. You should consider this if for no other reason than to have you test to see how prepared you are. 

For example, while nearly 40 percent of respondents do not believe they have methods to detect and track AETs within their organization, almost two thirds said that the biggest challenge when trying to implement technology against AETs is convincing the board they are a real and serious threat. The problem is that even the 61 percent who believe they have protection, as other research (see below) shows, greatly underestimate the level of protection they actually have, given that AETs are out there in much larger numbers and continue to morph rapidly.

To prove a point, McAfee quotes renowned subject matter expert, Professor Andrew Blyth of the University of South Wales, as saying, “The simple truth is that Advanced Evasion Techniques (AETs) are a fact of life. It’s shocking that the majority of CIOs and security professionals severely underestimated that there are 329,246 AETs, when in fact the total of known AETs is approximately 2,500 times that number or more than 800 million AETs and growing.”  

Making the case for why organizations need advanced firewalls (obviously one from McAfee is deemed preferable), McAfee goes on to assert that, of the estimated 800 million AETs, less than one percent are detected by competitors’ products.

“Many organizations are so intent on identifying new malware that they are falling asleep at the wheel toward advanced evasion techniques that can enable malware to circumvent their security defences,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “AETs pose a great threat because most security solutions can’t detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat.”

“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Pat Calhoun, general manager of network security at McAfee. “What we’re hoping to do is educate businesses so they can know what to look for, and understand what’s needed to defend against them.”

Today happens to be World Backup Day. It is something to celebrate. It is also something that should give everyone pause as to whether AETs are lying in wait and being backed up to wreak havoc later. As noted, it might be prudent to see where your organization stands on detecting AETs.

Edited by Cassandra Tucker