AETs: The Dirty Little Truth About Security

By Michael Vizard  |  Posted 04-16-2014 Email

When it comes to security, every CIO experiences some level of angst and frustration. Despite growing investments in security, data breaches continue to regularly occur. A major reason is that digital miscreants of all types have access to advanced evasion techniques (AETs) which use a combination of evasion techniques, such as fragmentation and obfuscation, to bypass firewall and endpoint security techniques. AETs split up malicious payloads into smaller pieces and deliver them across multiple and rarely used protocols. Once inside, AETs reassemble themselves and unleash malware and continue their attack. A new survey of 800 CIOs and CISOs conducted by Vanson Bourne on behalf of McAfee, a unit of the Intel Security Division, finds that four in 10 respondents say AETs played a key role in enabling a breach to happen. McAfee reports that roughly 800 million different AETs exist, which accounts for why so many attacks are penetrating security defenses. McAfee says 75 percent of security products in use today have no ability to detect attacks cloaked in the form of an AET. Given all that’s at stake these days, the McAfee survey suggests that IT organizations need to take a harder look at the traffic coming through their network security defenses because a large portion of it is not as innocuous as it seems.

Mike Vizard has been covering IT issues in the enterprise for 25 years as an editor and columnist for publications such as InfoWorld, eWeek, Baseline, CRN, ComputerWorld and Digital Review.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login Register