Skip to page contents

---

International (select)  Extranet |

---

---

Products    Training    Support    Downloads    Partners Contact | About us | Press & Media | Investor Relations

---

Press Releases | RSS Feeds | Events | Expert Insights | Newsroom | Brand Place | Contact Information | Use Terms |

---

• English
• 2012
• 2011
• 2010
• 2009
• 2008
• 2007
• 2006
• 2005
• 2004
• 2003
• English (US)
• Deutsch
• Español
• Français
• Italiano
• Suomeksi

---

---

Press Release

Stonesoft: Cybercriminals are able to deliver Advanced Evasion Techniques across HTTP protocol

Helsinki, Finland, 4 October 2011 – Network security vendor Stonesoft has today announced the discovery that Advanced Evasion Techniques are deliverable across the port-80, HTTP protocol, making them a very real and credible threat to the security of organisations worldwide.

Stonesoft announced its discovery of Advanced Evasion Techniques (AETs) in October 2010. AETs are essentially a new category of cyber-attacks, which provide cybercriminals with a master key to access vulnerable systems. Using AETs, malware can be disguised so it looks safe and then delivered past security appliances completely undetected.

Since the initial discovery Stonesoft has carried extensive research into the threat category and is currently the lead researcher in that area.

The most recent discovery reveals that AETs can also be deployed across the HTTP protocol and will not be blocked by Firewalls. Until recently, AETs have been viewed as an internal threat which only operate inside a network and only affect IPS appliances. However, this recent research has revealed they can also bypass firewalls and be deployed externally across web traffic.

“We are increasingly seeing evidence of AETs being used in the wild and the threat they pose to organisations worldwide is growing. Recent research has revealed that AETs are deliverable across HTTP protocol, amongst others, and this essentially means that any company with a connection to the internet is at risk of the threat. There seems to be a common misconception that AETs are an internal threat but this has been proven not to be the case. It is important to note when AETs are delivered via HTTP (web) they are able to bypass Firewalls and IPS devices, this is clear evidence that they can originate and be deployed from outside the corporate network,” said Professor Andrew Blyth, Head of Advanced Technology at The University of Glamorgan, UK.

This revelation makes the threat posed by AETs more real than was previously estimated. Stonesoft urges network security vendors to wake up from their complacency.

Stonesoft is currently working closely with the University of Glamorgan in the United Kingdom in order to carry out academic and field research into Advanced Evasion Techniques. For more information, please read the press release: http://www.stonesoft.com/en/press_and_media/releases/en/2011/04102011.html

For more information about AETs, please visit  www.stonesoft.com and www.antievasion.com.

Contact:

For more information, please contact:

Klaus Majewski
Director, Business Development
Stonesoft Corporation
Tel. +358 40 824 7908
E-mail: klaus.majewski(AT)stonesoft.com

About Stonesoft

Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of integrated network security solutions to secure the information flow of distributed organizations. Stonesoft customers include enterprises with growing business needs requiring advanced network security and always-on business connectivity.

StoneGate™ Secure Connectivity Solution unifies firewall, VPN (Virtual Private Network), IPS (Intrusion Prevention System) and SSL VPN blending network security, end-to-end availability and award-winning load balancing into a unified and centrally managed system. The key benefits of StoneGate the solution include low TCO (Total Cost of Ownership), excellent price-performance ratio and high ROI (Return on Investment). The StoneGate Virtual Security Solutions protect the network and ensure business continuity in both virtual and physical network environments.

StoneGate Management Center provides unified management for StoneGate Firewall with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide intelligent defense all over the enterprise network while StoneGate SSL VPN provides enhanced security for mobile and remote use.

Founded in 1990, Stonesoft Corporation is a global company with corporate headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia. For more information, visit www.stonesoft.com,  www.antievasion.com and the corporate blog http://stoneblog.stonesoft.com.

Tuesday, October 4, 2011

---