Network security software specialist Stonesoft says it has seen close to 2,000 downloads of its Evader Advanced Evasion Technique (AET) testing tool in the month since launch, but insists more needs to be done to tackle the threat and is calling on its channel to help.
Evader takes the form of a 15-minute test that launches Advanced Evasion Technique (AET) attacks against next-gen firewall, IPS and UTM kit to help resellers and end-users identify vulnerabilities in their security equipment.
AETs attack networks by combining evasion methodologies to create dynamically-changing techniques that can be delivered over several layers of a network simultaneously. This allows attackers to deliver known exploits, malicious payloads or code to a target host without being spotted, because the AET disguises the traffic so that it looks mostly harmless to security products.
Stonesoft claims it is persistently identifying new AETs on a weekly basis, according to UK country manager Ash Patel.
“We have to ask how ethical is it to push the message that end-users are safe from these attacks when we can prove that they aren’t,” Patel told MicroScope.
Since first raising the problem of AETs two years ago, Stonesoft has been attempting to reach out to its rivals out of what it feels is a moral responsibility to alert users to massive flaws in their security equipment. However, it has seen little traction, which Patel said was probably down to reluctance in the security industry to lose face by conceding there was a problem to begin with.
The company reckons that by sharing the knowledge it has gained in this way it can raise more general awareness and maybe begin to turn the tide. It has also teamed up with network defence and forensics expert, University of Glamorgan professor Andrew Blyth, to help back up its findings.
Patel said: “We have seen a good mix of people downloading, including competitors, end users, academics and resellers.
“We would actively encourage resellers to be using Evader as part of their kit bag,” he added, particularly those offering managed security services, where the importance of the ‘trusted advisor’ reseller-customer dynamic is paramount.