UK IT Industry Awards

Where am I? >
Home >
News >
Security

Enterprise risk from advanced evasion techniques is growing, say experts

By Stuart Sumner

Follow Stuart on Twitter

24 May 2011

Be the first to comment

The majority of enterprise networks are unable to detect advanced evasion techniques (AETs), which are used by hackers to hide their attacks.

This is the opinion of security specialist Stonesoft, which has discovered 160 examples of AETs to date, up from only 23 in October last year.

Further reading

"The problem has become more widespread than we originally saw," said Mike Jalava, CTO, Stonesoft.

"And we still have many more samples currently under analysis, so the numbers of AETs that we know about is likely to go up again very shortly."

Using AETs, hackers are able to bypass many, if not all, firewall and intrusion prevention solutions (IPS) currently available.

An IPS or firewall will be able to detect and stop known malware, but a hacker can disguise his attack in an AET, rendering it invisible to security systems.

Jalava argues that IPS providers are not going about tackling the problem in the right way.

"A number of IPS vendors have tweaked their solutions to prevent certain specific AETs. But hackers just make simple changes and that AET suddenly is no longer recognisable and can bypass that IPS."

He explained that better protection is possible if a solution goes further than simply being able to recognise specific AETs.

"You need to use a solution that can fully normalise and understand the traffic flow, rather than just fingerprint specific AETs. The vast majority of security vendors fail to offer this."

Reader comments

Add your comment

Have your say on this article

Your name
Email address
Comment title
Your comment

All fields required. Your email address will not be displayed on the site.

By submitting a comment you agree to abide by our Terms & Conditions

Submit

Newsletters

Sign up for our FREE newsletters

Large companies such as Microsoft, Facebook and Google have been hoovering up technology patents recently. Is this stifling innovation?

Yes! These firms are spending billions on the rights to sue one another, rather than focusing on creating new products.

87 %

No! The knowledge that firms are stringently searching for any IP infringement means that new products must be genuinely innovative, and borrow nothing from previous designs if they are to remain in stores and out of the courtroom.

5 %

It doesn't matter! The only useful thing left to be invented is time travel, so I can go back to a time when I had more hair.

8 %

Influence - Consumerisation

Enterprise use of mobile mashups

Case studies & reports

Cloud computing insights from 110 implementation projects

Case studies from large organisations across all sectors

The lesson of 2012: prepare now for increased data volumes

... And rich media, and flexible working, and peaks in traffic ...

More case studies and reports

Upcoming Events

Gain better control of your data with enterprise database consolidation

Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.

Date: 31 May 2012

Time: 11:00 AM

Top 10 causes of IT disasters – and how to deal with them

Concept image of data backup with life preserving floating on background of binary data

Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.

Date: 13 Jun 2012

Time: 11:00 am

More events

Job of the week

More IT Jobs

IT job alerts

Receive the latest jobs direct to your inbox

IT job finder

IT salary checker

Are you being paid what you are worth?

Check Salary

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

Enterprise risk from advanced evasion techniques is growing, say experts

Fight against cyber crime hampered by lack of global standards

Former minister says cutbacks threaten cyber crime fight

What every SMB needs to know about fighting cyber crime

Sign up for our FREE newsletters

Google cloud will rain on IT’s parade

Essential guide to security: Rethinking your defence

Organisations struggle to safely and securely delegate sys-admin tasks

Does virtualisation cause data centre bottlenecks?

Cloud security, how to balance the risk

Staff recruitment and retention - Andy Dancer, CTO EMEA, Trend Micro

Essential guide to security: Rethinking your defence

Interview: McAfee CTO Raj Samani

When minor infections turn dangerous

Interview: Kaspersky Lab CTO Nikolai Grebennikov

Mitigating denial of service attacks

Senior Mobile Developer - Android or Blackberry

Graduate / Trainee Opportunity - Kent/SE London

Test Lead, Lead Test Analyst, Project Test Lead

Large companies such as Microsoft, Facebook and Google have been hoovering up technology patents recently. Is this stifling innovation?

Flame virus: son of Stuxnet uncovered in Middle East

Retailer slams ICO over 'embarrassing banality' of revised cookie law guidance

Storage capacity slowdown can be buffered by virtualisation, says HDS’ Yoshida

HP: 27,000 job cuts by 2014, Mike Lynch to leave (NEW UPDATE)

RIM to shed 2,000 more staff