What are Evasions?
Industry tests reveal that many of the leading next generation firewalls (NGFW) are vulnerable to evasions. Evasions take advantage of design flaws in many firewalls and allow exploits and malware (including aggressive ransomware attacks like WannaCry) into your network undetected.
Test your Network Security with Evader
With Evader, the world’s premier software-based testing environment for evasions, you can see how well your firewalls and intrusion prevention systems (IPSs) defend against these threats by:
- Launching controlled evasion-borne attacks at network security devices
- Interactively combining and adjusting evasions
- Seeing the results immediately
Note: Evader is not a hacking tool or a penetration test intended to transmit arbitrary exploits. It is offered solely for testing and should not be used against any systems outside your environment. Using AETs, Evader tests whether or not a known exploit can be delivered through security devices you specify to a target host.
Evasion Detection and Defense
Forcepoint’s network security group literally wrote the book on evasions, which manipulate the underlying transport of information over the network to get traffic through inspection systems and into your network. More and more, they’re being used in cyberattacks to carry exploits and malware that otherwise might have been caught by conventional networking devices.
For example, one type of evasion splits malware into pieces that are transmitted out of order. Defenses that aren’t designed to protect against evasions don’t see the malware and let the mixed up traffic through. Once inside your network, the malicious code gets reassembled and can attack your servers, databases, and users.
And that’s just the beginning. Cyberattackers can use these sorts of tricks across different layers of the network stack and can dynamically shift from one to another. Multiple evasions are often used together, resulting in millions of possible combinations. An effective evasion defense makes it possible for inspection engines within network security devices to see the malicious code and take appropriate actions.
The industry has known about evasions for some time, yet even in the most recent NSS Labs NGFW Test, only Forcepoint was close to 100% effective. It’s time to raise the bar.
With Evader, you can see if your network security devices are leaving you vulnerable to evasions.
How is Evader Used?
With Evader, you can better assess your network security posture so that you can see whether your security controls are up to the task of countering emerging advanced threats.
It consists of 3 pieces: the evasion generator (which simulates a cyberattack that is obscured by evasions), the network security device being tested (which you choose), and a vulnerable target system. Note that Evader is designed to test whether the network security device lets attacks through, not whether the endpoint defenses on the target are working.
Evader is easily configured, allowing for a variety of flexible test sequences – from basic packet-size modifications to more advanced chaff and fragmentation evasion combinations. A visual interface enables you to:
- Select the type of device you wish to test
- Choose one of the well-known exploits to be used: MS-RPC (Conficker) or HTTP (phpBB)
- Select, combine, and tweak evasion techniques to stealthily deliver the exploits; these exploits are configured solely to open a benign application window (such as shell or calculator) on the target system
- Optionally automate the test to generate high-volume sequences
- Create and view exploit reports about the delivery of those exploits
Evader runs in both virtual and physical environments. It includes two static exploits and a controlled set of dynamic evasions and it's immediately obvious whether or not your network security device is protecting against evasions.
Evader surpasses many devices, including those running their vendors’ recommended configurations and have scored well on industry tests of security.
Forcepoint NGFW pioneered evasion defenses. We’ve spent years honing our firewall to provide unrivaled effectiveness in defeating evasions and our global research team is constantly on the lookout out for new threats to detect and new ways to protect our customers.