When I write, my intention is to bring to light the discoveries we make here at McAfee. It’s really important to me that we share our experiences and our solutions with the public and our customers, because without this knowledge-sharing, we are all very much at risk in the online world. What’s really encouraging to me, however, is when the information we share is reinforced and then reiterated by influential analysts and specialists.
Last month, McAfee issued a report entitled, The Security Industry’s Dirty Little Secret, about Advanced Evasion Techniques (AETs). By surveying 800 CIOs and security managers in the US, UK, Germany, France, Australia, Brazil, and South Africa we learned that because today’s threats are morphing and developing so quickly most organizations cannot keep up. More specifically, CIOs do not have the insight or the resources to fully understand that AETs are one of today’s biggest and most destructive threats. I dissected the report in my post entitled, No More Secrets: Report Exposes Severe Corporate Risk and provided three key overarching insights to help CIOs and other security managers better understand AETs and how to protect against them.
Now, here’s the really validating part. Tony Palmer, ESG Senior Engineer, recently wrote a blog entitled, Advanced Evasion Techniques: Dirty, Little, Secret Weapons, that completely backs up our concerns about the industry and AETs. He writes, “Many organizations are so intent on identifying new malware that they are failing to address or in some cases even recognize AETs that can enable malware to circumvent their security defenses. AETs pose a great threat because most security solutions can’t detect, much less stop them. Security professionals and executive managers need to wake up to this real and growing threat.”
While we know that our McAfee Next Generation Firewall is the answer to protecting against advanced evasions that combine multiple techniques simultaneously across multiple protocols to create more than 800 million unique combinations, Palmer agrees. He writes, “The McAfee Next Generation Firewall uses data normalization techniques to enable full inspection of data traffic by reconstructing data streams that have been hidden or obscured by AETs. Data normalization deconstructs or decodes packets for all protocols, at all layers of the stack. McAfee fully inspects and reconstructs data streams, identifying evasions that can carry or forge the path for exploits and removing them.”
At McAfee, we developed the Evader Downloadable Tool to really hit home the point that evasions can be used to easily bypass multiple types of network perimeter solutions. In his write up, Palmer states that ESG Lab used Evader and confirmed our claims. “Malware was installed and actions were remotely performed without the device even noticing. When no evasions were used, the malware was detected and blocked at the perimeter. The McAfee next generation firewall was able to detect the evasions and block access in every configuration the ESG Lab teams tried.
It’s a huge relief to me to know that reputable firms like ESG and their tenured engineers are being proactive in educating the market and their readers about the latest threats. The more we band together to strengthen security, the safer we will all be as we navigate the choppy waters of cyberspace. So, thank you to ESG Labs and Tony Palmer for reinforcing the destructive power of AETs.