The way forward for monitoring and inspection
The way forward for monitoring and inspection


The news of the discovery of advanced evasion techniques (AETs) brings to light the infinite possibility of intrusions into corporate networks and how they are able to circumvent existing security systems.

Cloud computing has been under the spotlight in recent years due to its numerous benefits, such as the reduction of management and administration costs, scalability, optimisation of resources and investments, increased efficiency and flexibility. All these can help businesses that strategically choose to entrust the management of certain applications or entire business processes to third parties.

Nevertheless, there are risks associated with cloud computing; for example, hidden costs such as loss of control of resources by the user, or associated with the protection and control of access to cloud computing, can severely reduce the expected economic return.

In this day and age, it is reasonable to think that cloud providers, especially if highly specialised and competent in the vertical sector, can represent an attractive target for cyber criminals who have many weapons at their disposal that are not always known or detectable by those responsible for security.

Unfortunately, this means that they are armed with an access key to strike any network infrastructure, exploiting the vulnerabilities of TCP/IP communication protocols, without being detected by a traditional IDS (Intrusion Detection System) or blocked by an IPS (Intrusion Prevention System).

As a result of their dynamic nature and ability to combine a wide range of traditional evasion techniques, the variants of AETs are potentially unlimited, some of these are known, others not yet. For example, monitoring and prevention technologies, developed by a security vendor that are based on the definition and updating of a list of known adverse events, makes it improbable to think we can represent all situations.

From this we can see that it is very complicated to be able to detect AETs; even with the use of techniques for validation of network protocols and applications, all without getting caught in an endless series of false positives.

A normalisation of traffic at all levels, a dynamic updating of the list of known events, flexibility and use of multiple inspection technique methods, can provide a solution that can significantly improve the reliability of these systems. In environments where the cloud is used, the risk is amplified by the number of people that rely on the cloud provider's data centres.

It is understandable that the problem is not merely a matter of technology or the adoption of the best solutions on the market. It's taken some time, but companies are beginning to realise that risks exist – just because an attack is not always manifested does not mean it hasn't happened.

Another realisation is that no security system can guarantee 100 per cent protection and reliability. A company can have utilised the best technologies on the market, but if it lacks constant and accurate monitoring of its resources, or thorough analysis and risk assessment, the results are lost.

The level of real risk involved may in fact exceed the estimated level, as the security solutions adopted may actually have lower reliability than believed, as the case of AET has demonstrated in a concrete and explicit manner.

Important investments in research and development, and testing, different than those normally performed by security vendors or certification laboratories, provide great value to aid the understanding of AETs.

Cloud computing environments have the same security risks of traditional network environments. AETs are capable of jeopardising company security regardless of where its own resources or applications reside. Due to the essence of cloud computing, which can host and manage a large number of clients, the threat is amplified and is addressed to a greater number of companies.

So what can we do? On the one hand, companies must begin to adopt a more conscious and responsible behaviour with regards to cloud, paying more attention to the infrastructure security adopted by the cloud computing provider.

On the other hand, the provider must ensure maximum effort is being made in securing cloud computing, by adopting solutions that can detect and block attacks, even AETs. By considering that the information security scenario in the coming years will be increasingly characterised by silent attacks, they will eventually becoming the least identifiable by traditional network security systems, so it's important that all efforts are being made to ensure greater security.

Ash Patel is country manager for UK & Ireland at Stonesoft