Stonesoft has announced the launch of a free testing tool to help organisations detect and prevent Advanced Evasion Techniques (AETs).
Named the Evader, it said that it launches AETs against next generation firewalls, Intrusion Prevention Systems and Unified Threat Management products and helps organisations establish the threat AETs pose to their network and business-critical digital assets.
According to the company, Evader includes dynamic AET samples that have been through the Computer Emergency Response Team (CERT) vulnerability coordination process, which began in 2010.
It can run manual or automatic combinations of AETs to hide well-known MSRPC- (vulnerability from 2008) and HTTP-(2004) exploits and deliver them through the tested network's security devices to a vulnerable target host image.
Speaking to SC Magazine, Matt McKinley, manager of technical services at Stonesoft US, said that Evader is a stripped down version of its Predator tool, and is designed to help protect against a range of evasions which works with most defence layers.
He said: “It is placed in the hands of the user who can use the tool to test their environments in any technology they want. Some of the AETs are very old, and others have gone through our AET research from 2010. All of the evasions are well known and security vendors have been told about them.”
Ilkka Hiidenheimo, founder and CEO of Stonesoft said: “The recent spate of cyber-attacks against major organisations has demonstrated that despite vendors promising 100 per cent protection against AETs, hackers are still finding ways to bypass network security appliances.
“Releasing Evader is the next step in our understanding of and ability to counter this growing threat and it allows organisations to test their own defenses. In our view, vendors have not taken AETs seriously enough and organisations are paying the price through data breaches that put companies, federal agencies, and customers at risk.“Customers and the whole security community has been asking us to provide deeper knowledge about AETs and demanding products that test for AETs, we're answering that need with Evader. By providing the tool for free, we're giving organisations the same level of knowledge that today's sophisticated hackers have and the ability to test their own environments.”