Ready-Made Evasion Test Lab
What is Evader?
The 2017 NSS Labs NGFW Test reveals that many of the leading next-generation firewalls are vulnerable to Advanced Evasion Techniques (AETs) that can let exploits and malware (including aggressive ransomware attacks like WannaCry) into your network undetected.
With Evader, the world’s premier software-based testing environment for evasions, you can see how well your firewalls and intrusion prevention systems (IPSs) defend against these threats.
Evader allows you to:
- Launch controlled AET-borne attacks at network security devices
- Interactively combine and adjust evasions
- See the results immediately
Note: Evader is not a hacking tool or a penetration test intended to transmit arbitrary exploits. It is offered solely for testing and should not be used against any systems outside your environment. Using AETs, Evader tests whether or not a known exploit can be delivered through security devices you specify to a target host.
What are Advanced Evasion Techniques (AETs)?
Forcepoint’s network security group pioneered the detection of and defense against AETs – we literally wrote the book. Simply put, AETs are ways of manipulating the underlying transport of information over the network to get traffic through inspection systems and into your network. More and more, they’re being used in cyberattacks to carry exploits and malware that otherwise might have been caught by conventional networking devices.
For example, one type of evasion splits malware into pieces that are transmitted out of order. Defenses that aren’t designed to protect against evasions don’t see the malware and let the mixed up traffic through. Once inside your network, the malicious code gets reassembled and can attack your servers, databases, and users.
And that’s just the beginning. Cyberattackers can use these sorts of tricks across different layers of the network stack and can dynamically shift from one to another. Multiple evasions are often used together, resulting in millions of possible combinations.
Highly targeted and sophisticated attacks can take significant time and effort to create. To protect their investment, cybercriminals use AETs to send their malware “under the radar” so they can gain access to their victims’ networks without triggering immediate alarms. Defeating AETs makes it possible for inspection engines within network security devices to see the malicious code and take appropriate actions.
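The out-of-order example above, seen from the inspection side, as an added example (not Evader or Forcepoint code): a matcher that looks at each segment alone misses a pattern that a matcher working on the reassembled stream finds. The marker string, the 5-byte segment size and the first-arrival-wins overlap policy are assumptions made for illustration, and sequence-number wraparound is ignored.

```python
"""Added example: per-segment vs. reassembled-stream inspection."""

SIGNATURE = b"EVASION-TEST-MARKER"  # constructed, benign stand-in for an IPS signature


def reassemble(segments, isn):
    """Rebuild the byte stream from (seq, payload) pairs in any arrival order.

    Overlapping bytes are resolved first-arrival-wins (an assumed policy; a real
    normalizer must match the protected host's behaviour). Returns the
    contiguous stream from `isn` up to the first gap.
    """
    stream = {}
    for seq, payload in segments:
        for i, byte in enumerate(payload):
            stream.setdefault(seq - isn + i, byte)
    out = bytearray()
    while len(out) in stream:
        out.append(stream[len(out)])
    return bytes(out)


def per_segment_match(segments):
    """Naive inspection: look for the signature inside each segment alone."""
    return any(SIGNATURE in payload for _, payload in segments)


def stream_match(segments, isn):
    """Normalizing inspection: reassemble first, then match on the stream."""
    return SIGNATURE in reassemble(segments, isn)


def constructed_capture(isn=1000, size=5):
    """Constructed sample: a stream cut into small segments, delivered reversed."""
    data = b"GET /index?x=" + SIGNATURE + b" HTTP/1.1\r\n"
    segs = [(isn + off, data[off:off + size]) for off in range(0, len(data), size)]
    return data, list(reversed(segs))


if __name__ == "__main__":
    data, segs = constructed_capture()
    print("per-segment match:", per_segment_match(segs))
    print("stream match:     ", stream_match(segs, 1000))
```

The gap handling matters for detection: `reassemble` stops at the first missing byte, so an inspector built this way has to hold its verdict until the gap is filled, not pass the later segments through uninspected.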
Why Do Evasions Matter?
Businesses and government agencies of all kinds are switching to digital technologies to operate more efficiently and productively. The information they’re creating is often very valuable and easy to steal, motivating thieves and competitors to develop and launch increasingly dangerous cyberattacks.
AETs help those attacks succeed because they expose a fundamental design flaw in many network security devices. The industry has known about evasions for some time, yet even in the most recent NSS Labs NGFW Test, only Forcepoint was close to 100% effective. It’s time to raise the bar.
Why should you be concerned about AETs and whether your network security solutions stop them?
- AETs give malware a free pass onto your network.
- New AETs are constantly being created and deployed.
- Many security devices are fundamentally flawed, preventing them from effectively blocking AETs.
- Cybercriminals have a long history of using AETs and strong motivations to use them.
- Most organizations are vulnerable to AETs and don’t even know it.
With Evader, you can see if your network security devices are leaving you vulnerable to AETs.
How is Evader Used?
Evader enables people in many different roles to make security decisions based on solid facts rather than hunches or hype. With it, you can better assess your network security posture so that you can see whether your security controls are up to the task of countering emerging advanced threats.
It consists of 3 pieces: the evasion generator (which simulates a cyberattack that is obscured by AETs), the network security device being tested (which you choose), and a vulnerable target system. Note that Evader is designed to test whether the network security device lets attacks through, not whether the endpoint defenses on the target are working.
Evader is easily configured, allowing for a variety of flexible test sequences – from basic packet-size modifications to more advanced chaff and fragmentation evasion combinations. A visual interface enables you to:
- Select the type of device you wish to test
- Choose one of the well-known exploits to be used: MS-RPC (Conficker) or HTTP (phpBB)
- Select, combine, and tweak evasion techniques to stealthily deliver the exploits; these exploits are configured solely to open a benign application window (such as shell or calculator) on the target system
- Optionally automate the test to generate high-volume sequences
- Create and view exploit reports about the delivery of those exploits
Evader runs in both virtual and physical environments. It includes two static exploits and a controlled set of dynamic AETs.
NOTE: Evader is not intended to be used to deliver arbitrary exploits or for malicious purposes.
See if You’re Protected
Evader makes it immediately obvious whether or not your network security device is defeating Advanced Evasion Techniques (AETs).
Successful Attacks Are Immediately Visible
Whenever Evader is successful at evading the protections in a device being tested, the results are immediately visible on the target system’s screen. A variety of attacks are available, ranging from popping up a benign window (such as a shell or calculator) to rebooting the target system.
Evader succeeds against many brands of devices – even those that are running their vendors’ recommended configurations and have scored well on industry tests of security.
Forcepoint NGFW is one of the few network security products to take evasions seriously. As the pioneer in AET defenses, we’ve spent years honing our firewall to provide unrivaled effectiveness in defeating evasions. Our global research team is constantly on the lookout for new threats to detect and new ways to protect our customers.