STONESOFT OYJ : Releases Evader - World's First Advanced Evasion Technique Testing Software For Free

Ready-made test lab improves protection against sophisticated attacks

Helsinki, Finland - July 24, 2012 - Stonesoft today released Evader, the world's first software-based testing tool that empowers organizations to test their network security solutions' ability to withstand advanced evasion techniques (AETs) increasingly used in sophisticated cyberattacks. Evader launches a set of AETs against a tester's own next generation firewall (NGFW), Intrusion Prevention System (IPS) and Unified Threat Management (UTM). As a result, organizations can understand whether these AETs pose a threat to their own networks and business-critical digital assets. Evader is available for free and can be downloaded at evader.stonesoft.com:
https://inpublic.huginonline.com/hugin/evader.stonesoft.com.

AETs are used to attack networks by combining several known evasion methodologies to create a new, earlier unknown and dynamically changing technique that is delivered over several layers of a network simultaneously. This allows the attacker to successfully deliver any exploit, malicious payload or code to a target host without detection.

The recent spate of successful cyberattacks against major organizations exposes fundamental design flaws in network security products, the same design flaws used by AETs. An AET disguised exploit looks normal to security products, which allow it to move inside the network without leaving a trace. Despite most security vendors promising 100 percent protection against evasions attacks, hackers are still breaching some of the world's most secure networks using more advanced methods like AETs.

"Network security vendors have ignored the problem posed by AETs for a number of years," said Andrew Blyth, professor at Glamorgan University and an AET expert. "Stonesoft's free Evader test tool makes securing against AETs accessible for organizations of all sizes. Hopefully, this will encourage the whole network security industry to come together and seriously research AETs and their ongoing threat."

Evader ensures that corporations and government agencies do not have to rely on lab-based, third-party testing and vendor promises to know whether their own security solutions can withstand AET attacks. As a simple test, it gives users the ability to take an easy assessment of anti-evasion readiness with their own configurations and security policies.

Evader is a ready-made test lab that includes a set of AETs. It enables an organization to run manually or automatically a variety of AET combinations that hide well-known MSRPC (vulnerability from 2008) and HTTP (2004) exploits, and then deliver them through the tested network security devices to a vulnerable target host image. The Evader includes a set of AETs that has gone through the CERT vulnerability coordination process that began two years ago. The essence of Evader is to provide hard facts about AET readiness of an organization's own security devices, support decision making and raise an organization's security level.

"Network security solution vendors have not taken AETs seriously enough, and organizations are paying the price through data breaches that put companies, federal agencies, and customers at risk," said Ilkka Hiidenheimo, founder and CEO of Stonesoft. "Customers and the whole security community have been asking us to provide deeper knowledge about AETs and demanding products that test for them. We're answering that need with Evader. By providing the tool for free, we're giving organizations the same level of knowledge that today's sophisticated hackers have and the ability to test their own environments for this risk." 

Stonesoft is demonstrating Evader in Las Vegas during the annual Black Hat event, July 21-26, 2012. During the demonstration, Stonesoft will test the leading security products for their ability to protect against AETs, including HP/Tipping Point, McAfee, Palo Alto Networks and SourceFire. 
Evader is available for visitors to Stonesoft Black Hat booth #213. 

To download Evader for free and learn more about the tool, please visit
evader.stonesoft.com:
https://inpublic.huginonline.com/hugin/evader.stonesoft.com.

For more information about advanced evasion techniques and Stonesoft's new Evasion Prevention System (EPS) please visit aet.stonesoft.com:
https://inpublic.huginonline.com/hugin/aet.stonesoft.com.

Contact:
For more information, please contact:
Juha Kivikoski
Chief Operating Officer
Stonesoft Corporation
Tel. + 358 40 5180 999
E-mail: juha.kivikoski(AT)stonesoft.com