If you do not know about Advanced Evasion Techniques (AETs) and the role they play in Advanced Persistent Threats (APTs), you should. Unfortunately, as a new report by security solutions provider McAfee (a division of Intel (News - Alert) Security) highlights, these bad boys are highly prevalent and there should be a sense of urgency about getting educated about the myths and realities of AETs and sounding the alarm to raise your defenses.
So what is an AET?
The best place to get a level set is in understanding what AETs are. As McAfee (News - Alert) notes, AETs are methods of disguise used to penetrate target networks undetected and deliver malicious payloads. Discovered in 2010, using AETs, an attacker can split apart an exploit into pieces, bypass a firewall or IPS appliance, and once inside the network, reassemble the code to unleash malware and continue an APT (News - Alert) attack.
The problem is they are hard to detect. And, as the name implies the destruction they create from attacks they help launch are advanced and persistent. Worse, as the research found, at the moment AETs are under-reported and not well understood. In fact, despite testing, McAfee notes that in some paid tests vendors are given the chance to correct for AETs. What this means according to McAfee is that, “Only the specific techniques identified are corrected for, and not the broader techniques that are rapidly updated and adapted by criminal organizations.”
Disturbing findings concerning AETs
The new report, commissioned by McAfee and done by Vanson Bourne entitled, "The Security Industry's Dirty Little Secret: The debate over advanced evasion techniques (AETs)” 2014, surveyed 800 CIOs and security managers from the United States, United Kingdom, Germany, France, Australia, Brazil and South Africa. It showed there are misunderstandings, misinterpretation and ineffective safeguards in use by the security experts charged with protecting sensitive data.
Source (News - Alert): The Security Industry's Dirty Little Secret: The debate over advanced evasion techniques (AETs) Click here to enlarge.
As the infographic shows there is plenty to be concerned about:
Plus, as the report points out, the bad guys have become very sophisticated in evading early detection.
“We are no longer dealing with the random drive-by scanner that is just looking for obvious entryways into your network. In today's interconnected world, we are dealing with adversaries who spend weeks or months studying your public facing network footprint, looking for that one small sliver of light which will allow them to gain a foothold into your networks,” said John Masserini, vice president and chief security officer, MIAX Options. “Advanced Evasion Techniques are that sliver of light.”
He went on to note that, “McAfee’s Next Generation Firewall technology adds an extra layer of depth to protect against such threats, making that sliver of light that much harder to find.” In fact, McAfee is providing a free version of McAfee Evader, a tool that assesses how well your existing network security devices stand up against AETs. It allows you to launch controlled AET-borne attacks against your systems, and then modify evasions and combinations of attacks to see if the AET can get through.
AETs are everywhere
As the infographic also depicts, there are other disconcerting findings from the survey that should serve as a call to action. You should consider this if for no other reason than to have you test to see how prepared you are.
For example, while nearly 40 percent of respondents do not believe they have methods to detect and track AETs within their organization, almost two thirds said that the biggest challenge when trying to implement technology against AETs is convincing the board they are a real and serious threat. But, the problem is that even that 61 percent who have what they believe is protection, as other research (see below) shows, they greatly under-estimate the level of protection they actually have given AETs are out there in much larger numbers, and continue to rapidly morph.
To prove a point, McAfee quotes renowned subject matter expert, Professor Andrew Blyth of the University of South Wales, as saying, “The simple truth is that Advanced Evasion Techniques (AETs) are a fact of life. It’s shocking that the majority of CIOs and security professionals severely underestimated that there are 329,246 AETs, when in fact the total of known AETs is approximately 2,500 times that number or more than 800 million AETs and growing.”
McAfee goes on to assert that of the estimated 800 million AETs, making the case as to why organizations need advanced firewalls (obviously one from McAfee is deemed preferable), the less than one percent are detected by competitors’ products.
“Many organizations are so intent of identifying new malware that they are falling asleep at the wheel toward advanced evasion techniques that can enable malware to circumvent their security defences,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group (News - Alert). “AETs pose a great threat because most security solutions can’t detect or stop them. Security professionals and executive managers need to wake up as this is a real and growing threat.”
“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Pat Calhoun, general manager of network security at McAfee. “What we’re hoping to do is educate businesses so they can know what to look for, and understand what’s needed to defend against them.”
Today happens to be World Backup Day. It is something to celebrate. It is also something that should give everyone pause as to whether AETs are lying in wait and being backed-up to wreak havoc later. As noted, it might be prudent to see where your organization stands on detecting AETs.