AETs: The Dirty Little Truth About Security

 
 
By Michael Vizard  |  Posted 04-16-2014 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Number of Admitted Breaches
    Next

    Number of Admitted Breaches

    Roughly one in five respondents (22%) admits their network has been breached in the last 12 months.
  • Previous
    Average Cost of a Security Breach
    Next

    Average Cost of a Security Breach

    Estimated average cost globally is $931,006. In the U.S., that number rises to $1 million on average.
  • Previous
    The Rise of Advanced Evasion Techniques (AETs)
    Next

    The Rise of Advanced Evasion Techniques (AETs)

    Of those suffering a breach, 44% say they believe an AET played a key role.
  • Previous
    Percentage of Those Breached With AET Detection Capability
    Next

    Percentage of Those Breached With AET Detection Capability

    Of those admitting to or knowing of a breach, 17% say they had an AET defense in place.
  • Previous
    Percentage That Think They Have an AET Defense in Place
    Next

    Percentage That Think They Have an AET Defense in Place

    Fifty percent of respondents who deployed an intrusion prevention system and endpoint security said they could defend against AETs despite the fact that these tools don’t defend against AETs.
  • Previous
    AET Confusion
    Next

    AET Confusion

    While 70 percent claim to know what an AET is, only 37 percent of them incorrectly identified the term's meaning.
  • Previous
    A Lack of Detection Capabilities
    Next

    A Lack of Detection Capabilities

    Thirty-nine percent said they don’t have a mechanism for detecting AETs.
  • Previous
    Biggest Issue with AETs
    Next

    Biggest Issue with AETs

    Two-thirds of the respondents (63%) report that convincing their board that AETs are a serious threat is a major challenge.
 

When it comes to security, every CIO experiences some level of angst and frustration. Despite growing investments in security, data breaches continue to regularly occur. A major reason is that digital miscreants of all types have access to advanced evasion techniques (AETs) which use a combination of evasion techniques, such as fragmentation and obfuscation, to bypass firewall and endpoint security techniques. AETs split up malicious payloads into smaller pieces and deliver them across multiple and rarely used protocols. Once inside, AETs reassemble themselves and unleash malware and continue their attack. A new survey of 800 CIOs and CISOs conducted by Vanson Bourne on behalf of McAfee, a unit of the Intel Security Division, finds that four in 10 respondents say AETs played a key role in enabling a breach to happen. McAfee reports that roughly 800 million different AETs exist, which accounts for why so many attacks are penetrating security defenses. McAfee says 75 percent of security products in use today have no ability to detect attacks cloaked in the form of an AET. Given all that’s at stake these days, the McAfee survey suggests that IT organizations need to take a harder look at the traffic coming through their network security defenses because a large portion of it is not as innocuous as it seems.

 
 
 
 
 
Mike Vizard has been covering IT issues in the enterprise for 25 years as an editor and columnist for publications such as InfoWorld, eWeek, Baseline, CRN, ComputerWorld and Digital Review.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register