Enterprise risk from advanced evasion techniques is growing, say experts

Security specialist Stonesoft claims most systems can't detect AETs, leaving enterprises at risk from cyber attack

The majority of enterprise networks are unable to detect advanced evasion techniques (AETs), which are used by hackers to hide their attacks.

This is the opinion of security specialist Stonesoft, which has discovered 160 examples of AETs to date, up from only 23 in October last year.

"The problem has become more widespread than we originally saw," said Mike Jalava, CTO, Stonesoft.

"And we still have many more samples currently under analysis, so the numbers of AETs that we know about is likely to go up again very shortly."

Using AETs, hackers are able to bypass many, if not all, firewall and intrusion prevention solutions (IPS) currently available.

An IPS or firewall will be able to detect and stop known malware, but a hacker can disguise his attack in an AET, rendering it invisible to security systems.

Jalava argues that IPS providers are not going about tackling the problem in the right way.

"A number of IPS vendors have tweaked their solutions to prevent certain specific AETs. But hackers just make simple changes and that AET suddenly is no longer recognisable and can bypass that IPS."

He explained that better protection is possible if a solution goes further than simply being able to recognise specific AETs.

"You need to use a solution that can fully normalise and understand the traffic flow, rather than just fingerprint specific AETs. The vast majority of security vendors fail to offer this."