Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/26/2013
10:38 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Stonesoft Releases Evader 2.01 Advanced Evasion Testing Tool

Free security software identifies weaknesses in company networks against advanced evasion techniques

SAN FRANCISCO--(BUSINESS WIRE)--Stonesoft today released Evader 2.01 an updated version of the world´s first advanced evasion software testing tool. Since its initial release at Black Hat in July, thousands of companies have downloaded the tool to identify potential security risks in their network.

Evader 2.01 provides organizations with a free tool that can be used to test their network's ability to withstand advanced evasion techniques (AETs). Evader 2.01 includes a new graphical user interface to improve usability and the tool supports multiple evasion techniques and can be used in any test environment.

AETs are used to attack networks by combining several known evasion methodologies to create a new, earlier unknown and dynamically changing technique that is delivered over several layers of a network simultaneously. This allows the attacker to successfully deliver any exploit, malicious payload or code to a target host without detection.

"Breaches continue to occur where corporations have invested heavily in security solutions. However, design flaws in existing firewalls and intrusting prevention systems are being exploited" said Ilkka Hiidenheimo, CEO of Stonesoft. "Attackers are more sophisticated today and employ evasive techniques to avoid detection. Organizations must be aware of these types of attacks and Evader can be used to help them find out whether they can resist the attacks."

Evader 2.01 is a ready-made test lab that includes a set of AETs. It enables an organization to run manually or automatically a variety of AET combinations that hide well-known MSRPC (vulnerability from 2008) and HTTP (2004) exploits, and then deliver them through the tested network security devices to a vulnerable target host image. Evader 2.01 includes a set of AETs that has gone through the CERT vulnerability coordination process, which began two years ago. The essence of Evader is to provide hard facts about AET readiness of an organization's own security devices, support decision making and raise an organization's security level.

Stonesoft is demonstrating Evader 2.01 in San Francisco during the annual RSA Conference at booth #1953, February 25 to March 1, 2013. During the demonstration, Stonesoft will test leading security products for their ability to protect against AETs, including HP/Tipping Point, McAfee, Palo Alto Networks and SourceFire.

To download Evader for free and learn more about the tool, please visit evader.stonesoft.com. For more information about advanced evasion techniques and Stonesoft's new Evasion Prevention System (EPS) please visit aet.stonesoft.com.

About Stonesoft

Stonesoft Corporation (NASDAQ OMX: SFT1V) delivers dynamic, software-based network security solutions that secure information flow for more than 6500 mid- and large-sized organizations across the globe. These include the industry's first transformable Security Engine as well as standalone next generation firewalls, intrusion prevention systems and SSL VPN solutions. At the core of these solutions is the Stonesoft Management Center, which unifies and simplifies the management of entire networks while reducing TCO. Stonesoft is a recognized researcher of advanced evasion techniques and has the highest customer retention rate in the industry. Founded in 1990, the company's corporate headquarters are based in Helsinki, Finland with North American headquarters in Atlanta, Georgia. For more information, please visit www.stonesoft.com or stoneblog.stonesoft.com. Follow Stonesoft at twitter.com/Stonesoft_US.

- See more at: http://www.rsaconference.com/events/2013/usa/for-media/sponsor-news.htm#sthash.x5KyYPIe.dpuf

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14300
PUBLISHED: 2020-07-13
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
CVE-2020-14298
PUBLISHED: 2020-07-13
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
CVE-2020-15050
PUBLISHED: 2020-07-13
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
CVE-2020-10987
PUBLISHED: 2020-07-13
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10988
PUBLISHED: 2020-07-13
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.