McAfee Report Details Myths and Realities of Advanced Evasion Techniques (AETs)

By Peter Bernstein March 31, 2014

If you do not know about Advanced Evasion Techniques (AETs) and the role they play in Advanced Persistent Threats (APTs), you should. Unfortunately, as a new report by security solutions provider McAfee (a division of Intel Security) highlights, these bad boys are highly prevalent and there should be a sense of urgency about getting educated about the myths and realities of AETs and sounding the alarm to raise your defenses.   

So what is an AET?

The best place to start is with an understanding of what AETs are. As McAfee notes, AETs are methods of disguise used to penetrate target networks undetected and deliver malicious payloads. AETs were discovered in 2010. Using them, an attacker can split an exploit into pieces, bypass a firewall or IPS appliance and, once inside the network, reassemble the code to unleash malware and continue an APT attack.
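The detection gap described above can be shown from the defender's side. This is an added example, not code from the article or from McAfee: it uses a harmless constructed marker in place of any real signature, and the function names and the first-copy-wins overlap policy are assumptions made for illustration.

```python
# Constructed sample data: a harmless marker stands in for a real signature.
SIGNATURE = b"EXAMPLE-SIGNATURE"

# (sequence_number, payload) pairs modelled on TCP segments. They arrive out
# of order and are split so that no single segment holds the whole marker.
SEGMENTS = [
    (16, b"NATURE HTTP/1.1\r\n"),
    (0, b"GET /EXA"),
    (8, b"MPLE-SIG"),
]


def per_packet_match(segments, signature):
    """Naive inspection: test each segment's payload in isolation."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments):
    """Rebuild the byte stream the way the receiving host would read it.

    Bytes are placed by sequence number. Where segments overlap, the first
    copy received wins (assumed policy; hosts differ, so an inspection
    device has to mirror the host it protects). Output stops at the first
    gap, because the receiver cannot read past missing bytes either.
    """
    stream = {}
    for seq, payload in segments:
        for offset, byte in enumerate(payload):
            stream.setdefault(seq + offset, byte)
    out = bytearray()
    pos = 0
    while pos in stream:
        out.append(stream[pos])
        pos += 1
    return bytes(out)


def stream_match(segments, signature):
    """Normalizing inspection: match against the reassembled stream."""
    return signature in reassemble(segments)


if __name__ == "__main__":
    print("per-packet inspection hit:", per_packet_match(SEGMENTS, SIGNATURE))
    print("reassembled stream hit:   ", stream_match(SEGMENTS, SIGNATURE))
```

The per-packet check misses the marker while the reassembled stream contains it, which is why inspection has to normalize traffic before matching.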

The problem is they are hard to detect. And, as the name implies, the destruction created by the attacks they help launch is advanced and persistent. Worse, as the research found, at the moment AETs are under-reported and not well understood. In fact, despite testing, McAfee notes that in some paid tests vendors are given the chance to correct for AETs. What this means, according to McAfee, is that “Only the specific techniques identified are corrected for, and not the broader techniques that are rapidly updated and adapted by criminal organizations.”

Disturbing findings concerning AETs 

The new report, commissioned by McAfee and conducted by Vanson Bourne, is entitled “The Security Industry's Dirty Little Secret: The debate over advanced evasion techniques (AETs)” (2014). It surveyed 800 CIOs and security managers from the United States, United Kingdom, Germany, France, Australia, Brazil and South Africa. It showed there are misunderstandings, misinterpretations and ineffective safeguards in use by the security experts charged with protecting sensitive data.

Source: The Security Industry's Dirty Little Secret: The debate over advanced evasion techniques (AETs)

As the infographic shows there is plenty to be concerned about:

  • 22 percent of respondents acknowledged they had challenges detecting AETs, admitting their network was breached in the past 12 months.
  • Nearly 40 percent of those breached believe that AETs played a key role.
  • On average, those who experienced a breach in the last 12 months reported a cost to their organization of upwards of $1 million.

Plus, as the report points out, the bad guys have become very sophisticated in evading early detection. 

“We are no longer dealing with the random drive-by scanner that is just looking for obvious entryways into your network. In today's interconnected world, we are dealing with adversaries who spend weeks or months studying your public facing network footprint, looking for that one small sliver of light which will allow them to gain a foothold into your networks,” said John Masserini, vice president and chief security officer, MIAX Options. “Advanced Evasion Techniques are that sliver of light.”

He went on to note that, “McAfee’s Next Generation Firewall technology adds an extra layer of depth to protect against such threats, making that sliver of light that much harder to find.” In fact, McAfee is providing a free version of McAfee Evader, a tool that assesses how well your existing network security devices stand up against AETs. It allows you to launch controlled AET-borne attacks against your systems, and then modify evasions and combinations of attacks to see if the AET can get through.

AETs are everywhere

As the infographic also depicts, there are other disconcerting findings from the survey that should serve as a call to action. Consider them, if for no other reason than to prompt you to test how prepared you are.

For example, while nearly 40 percent of respondents do not believe they have methods to detect and track AETs within their organization, almost two thirds said that the biggest challenge when trying to implement technology against AETs is convincing the board they are a real and serious threat. The problem is that even the 61 percent who have what they believe is protection, as other research (see below) shows, greatly underestimate the level of protection they actually have, given that AETs are out there in much larger numbers and continue to morph rapidly.

To prove a point, McAfee quotes renowned subject matter expert, Professor Andrew Blyth of the University of South Wales, as saying, “The simple truth is that Advanced Evasion Techniques (AETs) are a fact of life. It’s shocking that the majority of CIOs and security professionals severely underestimated that there are 329,246 AETs, when in fact the total of known AETs is approximately 2,500 times that number or more than 800 million AETs and growing.”  

Making the case as to why organizations need advanced firewalls (obviously one from McAfee is deemed preferable), McAfee goes on to assert that of the estimated 800 million AETs, less than one percent are detected by competitors’ products.

“Many organizations are so intent on identifying new malware that they are falling asleep at the wheel toward advanced evasion techniques that can enable malware to circumvent their security defences,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “AETs pose a great threat because most security solutions can’t detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat.”

“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Pat Calhoun, general manager of network security at McAfee. “What we’re hoping to do is educate businesses so they can know what to look for, and understand what’s needed to defend against them.”

Today happens to be World Backup Day. It is something to celebrate. It is also something that should give everyone pause as to whether AETs are lying in wait and being backed up to wreak havoc later. As noted, it might be prudent to see where your organization stands on detecting AETs.

Edited by Cassandra Tucker