High profile hacking incidents such as the recent cyber attacks on eBay and shoe retailer Office have encouraged a number of businesses to take the threat of cybercrime seriously of late. Yet while many corporations believe their online security offers them full protection against such incidents, there are a number of threats that can penetrate even the most seemingly robust firewalls.
Recently Andy Archibald, deputy director of the UK’s National Cyber Crime Unit, made a plea to businesses to get in contact with the unit when faced with cybercrime. Archibald believes that the private sector can help the agency uncover threats that it may not have previously been aware of – clearly demonstrating there are still a number of threats which go under the radar both within the private and public sectors.
The hidden problem
One particular security issue that continues to be both missed and ignored within businesses is Advanced Evasion Techniques (AETs). AETs are stealth-like hacking methods that attackers deploy to deliver malicious payloads. Their ability to disguise themselves makes them a significant threat to enterprises, as they are frequently able to reach target networks undetected.
While businesses may feel safe behind traditional firewalls or IPS appliances, AETs are designed to outwit most security devices and require specific protection. Using AETs, an attacker divides an exploit into portions, often combining rarely used protocol properties in unexpected ways, so that the individual pieces slip past traditional inspection methods.
Although many IPS appliances and firewalls are awarded high ratings in industry tests, those ratings are based on a limited set of threats that often excludes the majority of AETs. The exact number of AETs is unknown, but it is thought to run into the hundreds of millions, and their stealth-like presence means they can go undetected on a network for weeks, or even months at a time.
Head in the sand
A recent survey by McAfee found that half of IT decision makers in the UK are not taking precautions against AETs. The study, conducted with Vanson Bourne, surveyed 800 CIOs and security managers from the UK, United States, Germany, France, Australia, Brazil and South Africa, and uncovered the misunderstandings, misinterpretations and ineffective safeguards in use by many of the security experts charged with protecting sensitive data.
Nearly 40% of IT decision makers admitted they did not deploy methods to detect and track AETs within their organisation. Two thirds of respondents said that convincing the board that AETs are a real and serious threat was the main barrier to getting the organisation to protect itself from this particular method of attack. However, despite the views of many top-level executives, AETs are both real and serious: those respondents that fell victim to such attacks reported an average cost of over £600,000 in damage.
If traditional firewalls aren’t cutting it, what features can a next generation firewall include to ensure enterprises are covered against this costly threat?
Data normalisation and AET readiness
In order to protect a business from the growing number of AETs, it is important to normalise all data traffic before activating evasion detections. Traditional devices often rely on security shortcuts to optimise throughput performance, providing only partial normalisation and inspection, which puts the entire network at risk. It is not enough to simply test for evasions using data snapshots, and solutions that have limited visibility of data packets or pseudo-packets are similarly insufficient.
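The following is an added illustration, not code from the article or from any vendor product, of why inspection must run on the normalised stream rather than on individual segments. It uses a constructed, harmless signature string and three constructed out-of-order segments; the per-segment check stands in for a throughput shortcut, and the normalised check reassembles the stream first and reports gaps instead of skipping them.

```python
import re

# Constructed signature: the byte pattern a detector is looking for.
SIGNATURE = re.compile(rb"GET /etc/passwd")

# Constructed sample stream: the same request line split into three
# segments that arrive out of order. Each tuple is (offset, payload).
SEGMENTS = [
    (16, b"HTTP/1.1\r\n\r\n"),
    (0, b"GET /et"),
    (7, b"c/passwd "),
]


def per_segment_match(segments):
    """Shortcut inspection: each segment is checked on its own, never
    reassembled, so a pattern split across segments is missed."""
    return any(SIGNATURE.search(payload) for _, payload in segments)


def normalise(segments):
    """Rebuild the byte stream in sequence order before inspecting it.
    Bytes already covered by a lower-offset segment are kept and the
    overlapping part of a later segment is dropped; a gap in coverage means
    the stream is incomplete and is reported rather than silently skipped."""
    stream = bytearray()
    for offset, payload in sorted(segments, key=lambda seg: seg[0]):
        if offset > len(stream):
            raise ValueError(f"gap in stream at offset {len(stream)}")
        # Slice off any bytes this segment shares with data already accepted.
        stream.extend(payload[len(stream) - offset:])
    return bytes(stream)


def normalised_match(segments):
    """Full inspection: match against the normalised stream."""
    return SIGNATURE.search(normalise(segments)) is not None


if __name__ == "__main__":
    print("per-segment inspection:", per_segment_match(SEGMENTS))  # False
    print("normalised inspection: ", normalised_match(SEGMENTS))   # True
```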
Today, hackers spend weeks or even months studying a business’ public facing network footprint, looking for that one small vulnerability that will allow them to gain a foothold into the network. Missing any evasion type opens the door for a hacker to use an entire class of exploits to undermine security products, rendering them useless.
Detection and reporting
In order to stay on top of AETs, it’s necessary to remain constantly aware of real-time threats through strong reporting. Large enterprises require more than just standard reports. Rigorous logging and reporting requires complete visualisation of users, servers, networks, threats, responses, bandwidth usage, application usage and anomalies, in order to enable network teams to spot security problems and act quickly.
Dynamic security updates
As highlighted by Archibald’s plea for businesses to alert the UK’s National Cyber Crime Unit to security issues, the cybercrime landscape is constantly evolving. It’s important to use advanced threat intelligence that has the ability to research new threats and update the organisation continuously.
Beyond protecting the network, it is essential to secure endpoints. With enterprises increasingly relying on tablets and mobile, it is important to ensure these are not unwittingly providing hackers easy access to the network.
Traditional firewalls are not enough against today’s sophisticated threat landscape. With hackers developing ever-new and stealth-like ways of gaining access to the network, it is important that corporations rely on a robust next generation firewall and a connected security strategy across the entire enterprise, from network to endpoint.
IT decision makers across enterprises need to stop burying their heads in the sand and take action against sophisticated advanced evasion techniques before hackers take advantage of firewall vulnerabilities.