To say cyber threats are getting more advanced may be the understatement of the year. Every minute, our 500-plus team at McAfee Labs learns something new about the behavior of malware and other types of network attacks. The most commonly undetected threat these days is the advanced evasion technique (AET). In the most basic terms, an AET is a type of network attack that combines several different known evasion methods to create a new technique that is then delivered over several layers of the network simultaneously. Here’s the kicker: the code in the AET itself is not necessarily malicious; the danger is that the technology enables malware to circumvent virtually all security defenses – rendering most security solutions defenseless because they can’t detect, much less stop them.
When McAfee was doing its due diligence prior to acquiring Stonesoft in 2012, we learned that its firewall technology was built from the ground up and was truly the industry’s first future-proof next generation security engine. Not to mention, its security was purpose-built to protect organizations from the growing threat of AETs. Stonesoft was so far ahead of the curve when it came to understanding this growing threat. The company was obsessed with developing integrated and advanced firewall technology as the answer to protecting against these evasions that can combine multiple techniques simultaneously across multiple protocols to create more than 800 million unique combinations. It was clear that our enterprise customers needed this technology. So, we acquired Stonesoft in 2013.
While we knew our decision to acquire Stonesoft and integrate its technology into our portfolio was solid, it sometimes feels good to know that third-party experts agree. In fact, Tony Palmer, Senior Engineer at ESG Labs, validated this in his ESG Labs Report on McAfee Next Generation Firewall and then followed up with a blog.
In his blog, Palmer reiterates the threat of AETs by saying, “Advanced persistent threats (APTs) have been a huge focus in network security discussions over the past few years with good reason. Numerous organizations are implementing new solutions to protect themselves from this determined type of malware. Even so, cyber criminals have been penetrating the network defenses of even the most robust security infrastructures, including some very high-profile enterprises. How do they do it? Using AETs.”
Since the ESG Labs report, and the validation from Palmer, ten more highly-regarded industry experts have stepped up to speak out on AETs and what may be in store for the world of online security if we don’t get our arms around this threat. Take a look at this piece entitled, “Industry Experts Speak Out on Advanced Evasion Techniques” to get a solid overview of AETs and how they behave, along with some brilliant Industry Insights. I think you may be surprised at the results and what’s next.