These are the days when it becomes crystal clear just how vital it is to be fighting on the front lines of the advancing cyber war – developing defenses to help organizations protect what is so rightfully theirs. Today, as I read the findings from a 2014 Vanson Bourne report that surveyed 800 CIOs and security managers in the US, UK, Germany, France, Australia, Brazil, and South Africa, it is evident that the work we do on the network security side of McAfee is truly justified. The findings confirm that the threats are morphing and developing so quickly that most organizations cannot keep up. More specifically, CIOs do not have the insight or the resources to fully understand one of today’s biggest and most destructive threats – Advanced Evasion Techniques (AETs).
Not only do the findings show that CIOs do not fully understand AETs, but they erroneously think that because they have protection against advanced persistent threats (APTs), they are also protected against the advanced evasion techniques (AETs) used by APTs. The reality is that APTs and AETs require very different techniques to identify and stop them. This means that even if a network security device protects against APTs, it cannot be assumed that it can also protect against evasions. Not all network security devices are considered equal. So this erroneous thinking creates a false sense of security against evasions, resulting in not only loss of data, but the loss of profits, customers, and confidence. Based on the findings in this report, entitled The Security Industry’s Dirty Little Secret, I am hopeful that these three overarching insights will help CIOs and other security managers better understand AETs and how to protect against them:
1. APTs and AETs are radically different
APTs are not new – in fact, they have been on the minds of network security professionals for years. Organizations have built up their defenses, yet malware continues to make its way in and complete high-profile exfiltrations. Although well-trained and experienced, most security professionals are not being provided with all the facts, nor are they being provided with security that digs down to protect against evasions. These evasions, referred to as advanced evasion techniques (AETs), are widespread and well-known among the hacking community and are often used by APTs. While the AET is not, in and of itself, an attack, the AET is used to disguise an attack. Think of it this way: A set of dynamic AETs is used together as a virtually undetectable “master key” to open the locked-down network.
2. One thing your solutions provider probably never told you
After extensive research, McAfee Labs started identifying AETs and realized that they were quite prevalent in cybercrime circles. The truth is that cyber criminals have been using this technology to infiltrate and exfiltrate data for quite some time – and most reputable security providers know it. When McAfee discovered how AETs operate, we were determined that this very real threat would no longer be kept a secret. Our customers and their organizations were at risk, and we needed a viable solution to expose and disarm this weapon ASAP. So, we acquired Stonesoft, a leading innovator in next-generation firewalls. At the time, our team knew this acquisition was the fastest, most iron-clad way to ensure that our network security products would be strong enough to defend against AETs.
3. The ‘Cat and Mouse Game’ cannot possibly work
What Stonesoft afforded McAfee is technology that can protect against over 800 million AET strains. Think about how comprehensive the protection must be in order to identify and block that many variations. Honestly, how can solution providers who simply uncover the particular exploit tool and then react to it possibly defend against this volume? There is no way that a reactionary ‘Cat and Mouse Game’ of this magnitude could possibly be successful.
If you aren’t already convinced that AETs are misunderstood, extremely dangerous, and need to be stopped, here are the top findings from the Vanson Bourne report:
- More than one in five admits their network was breached (22%) and nearly 40% of those breached believe that AETs played a key role.
- A full 39% of IT decision makers do not believe they have methods to detect and track AETs within their organization.
- Almost two thirds of respondents (63%) say that the biggest challenge when trying to implement technology against AETs is convincing the board they are a real and serious threat.
There is no debate that AETs are real and dangerous. We know that there are millions of working combinations and permutations of AETs that may change form during an attack, which is why traditional signature or pattern-match detection cannot effectively defend against AETs. In the interest of organizations everywhere, it is our goal to give CIOs and security managers ammunition in the fight against AETs – disclosing to decision-makers that these threats are real and that their security providers must take them seriously by devoting massive energy to a comprehensive AET defense strategy.