Stonesoft, a leading network security provider, announced today the discovery of the latest AETs (advanced evasion techniques) that can pose severe threats to global network security landscape. These new AET risks considerably extend the information currently available on evasion techniques.
AETs can provide cyber criminals of today with access to vulnerable systems like CRM and ERP applications by breaching security systems. Consequently, organizations risk losing control of confidential corporate data. Furthermore, these AETs may be used by professional cyber criminals and terrorists for conducting potentially dangerous and illegal activities.
The facts on this discovery were shared with Finland's CERT-FI for vulnerability coordination purposes as well as ICSA labs for validation. A vulnerability statement about AETs was issued by CERT-FI on 4th October, and it plans to renew it on 18th October.
Head of CERT-FI's vulnerability coordination Jussi Eronen said, "The issues identified by Stonesoft affect a range of content inspection technology. Continuous cooperation among CERT-FI, Stonesoft and other network security vendors is essential for remediating the identified vulnerabilities. CERT-FI strives to facilitate this process".
Commenting on the newly discovered AET threats, CEO of Stonesoft Juha Kivikoski said that there is "reason to believe that we have seen just the tip of the iceberg", while warning that the undetectable and dynamic nature of these AETs can directly impact the network security infrastructure. "The industry is facing a non-stop race against this type of advanced threats and we believe only dynamic solutions can address this vulnerability", he said.
