Actu
Stonesoft introduces New Anti-Evasion Readiness Test Tool and Service
June 2011 by Marc Jacob
Stonesoft announced the debut of the world’s first Anti-Evasion Readiness Test™ service. This service tests how well an organization’s critical digital assets are protected against advanced evasion techniques (AETs). The service will be provided by selected, independent IT service organizations around the world.
The Anti-Evasion Readiness Test service leverages the StoneGate evasion testing software developed by Stonesoft Labs to test, assess and report security devices’ capabilities to protect against advanced evasion techniques (AETs). AETs are a means to disguise and/or to modify network attacks to avoid detection and blocking by the network security systems. In practice, evasions enable advanced cyber criminals to deliver any malicious content, exploits or attacks to a vulnerable system without leaving a trace. Based on latest knowledge and research, AETs can bypass the majority of the existing security devices.
The service has been developed to meet the needs of organizations relying on network security devices like Next Generation Firewalls and Intrusion Prevention Systems with deep packet inspection. These devices protect mission critical computer networks, sensitive data assets, critical systems such as CRM and ERP, and SCADA networks. These systems are attractive targets for cyber criminals and AETs offer an effective way of executing successful attacks. For many organizations, securing these areas is crucial for meeting compliance and audit requirements.
The StoneGate evasion testing tool is the most comprehensive evasion testing software on the market today, including also the most recent evasion techniques discovered by Stonesoft, which have been reported to the vendor community through the CERT coordination process. What distinguishes the Anti-Evasion Readiness Test service from the existing lab and vendor device testing methods is that the tests are conducted using the organizations’ own security devices and configurations as they are running in production environment.
As an end result of the service, customers will get a comprehensive test report about evasion detection and block rates on different protocol levels. The test report also includes practical recommendations and risk mitigation advice. The test does not require any in house expertise or investments in the testing tools.
