Stonesoft Releases Evader - World's First Advanced Evasion Technique Testing Software For Free

Ready-made test lab improves protection against sophisticated attacks Helsinki, Finland - July 24, 2012 - Stonesoft today released Evader, the world's first software-based testing tool that empowers organizations to test their network security solutions' ability to withstand advanced evasion techniques (AETs) increasingly used in sophisticated cyberattacks. Evader launches a set of AETs against a tester's own next generation firewall (NGFW), Intrusion Prevention System (IPS) and Unified Threat Management (UTM). As a result, organizations can understand whether these AETs pose a threat to their own networks and business-critical digital assets. Evader is available for free and can be downloaded at AETs are used to attack networks by combining several known evasion methodologies to create a new, earlier unknown and dynamically changing technique that is delivered over several layers of a network simultaneously. This allows the attacker to successfully deliver any exploit, malicious payload or code to a target host without detection. The recent spate of successful cyberattacks against major organizations exposes fundamental design flaws in network security products, the same design flaws used by AETs. An AET disguised exploit looks normal to security products, which allow it to move inside the network without leaving a trace. Despite most security vendors promising 100 percent protection against evasions attacks, hackers are still breaching some of the world's most secure networks using more advanced methods like AETs. "Network security vendors have ignored the problem posed by AETs for a number of years," said Andrew Blyth, professor at Glamorgan University and an AET expert. "Stonesoft's free Evader test tool makes securing against AETs accessible for organizations of all sizes. Hopefully, this will encourage the whole network security industry to come together and seriously research AETs and their ongoing threat." Evader ensures that corporations and government agencies do not have to rely on lab-based, third-party testing and vendor promises to know whether their own security solutions can withstand AET attacks. As a simple test, it gives users the ability to take an easy assessment of anti-evasion readiness with their own configurations and security policies. Evader is a ready-made test lab that includes a set of AETs. It enables an organization to run manually or automatically a variety of AET combinations that hide well-known MSRPC (vulnerability from 2008) and HTTP (2004) exploits, and then deliver them through the tested network security devices to a vulnerable target host image. The Evader includes a set of AETs that has gone through the CERT vulnerability coordination process that began two years ago. The essence of Evader is to provide hard facts about AET readiness of an organization's own security devices, support decision making and raise an organization's security level. "Network security solution vendors have not taken AETs seriously enough, and organizations are paying the price through data breaches that put companies, federal agencies, and customers at risk," said Ilkka Hiidenheimo, founder and CEO of Stonesoft. "Customers and the whole security community have been asking us to provide deeper knowledge about AETs and demanding products that test for them. We're answering that need with Evader. By providing the tool for free, we're giving organizations the same level of knowledge that today's sophisticated hackers have and the ability to test their own environments for this risk." Stonesoft is demonstrating Evader in Las Vegas during the annual Black Hat event, July 21-26, 2012. During the demonstration, Stonesoft will test the leading security products for their ability to protect against AETs, including HP/Tipping Point, McAfee, Palo Alto Networks and SourceFire. Evader is available for visitors to Stonesoft Black Hat booth #213. To download Evader for free and learn more about the tool, please visit For more information about advanced evasion techniques and Stonesoft's new Evasion Prevention System (EPS) please visit Contact: For more information, please contact: Juha Kivikoski Chief Operating Officer Stonesoft Corporation Tel. + 358 40 5180 999 E-mail: juha.kivikoski(AT) About Stonesoft Stonesoft Corporation (NASDAQ OMX: SFT1V) delivers software based, dynamic and customer driven network security solutions that secure the information flow and simplify security management. The company's product portfolio consists of the industry's first transformable Security Engine, standalone next generation firewalls and intrusion prevention systems, and SSL VPN solutions. At the core lies Stonesoft's Management Center which unifies the management of entire networks. Stonesoft serves private and public sector organizations requiring high availability, ease of management, compliance, dynamic security and protection of their critical digital assets and business continuity against today's rapidly evolving cyber threats. Stonesoft is a recognized researcher of advanced evasion techniques used in targeted cyber attacks to bypass security. Stonesoft has the highest customer retention rate in the industry due to low TCO, ease of management, and overall customer excellence. Stonesoft's customer base covers more than 6,500 mid- or large-sized organizations across various industries and geographical markets. Founded in 1990, the company's track record is well recognized by certifiers, industry analysts and demanding customers. The company's corporate headquarters are based in Helsinki, Finland and North American headquarters in Atlanta, Georgia. For more information, visit This announcement is distributed by Thomson Reuters on behalf of Thomson Reuters clients. The owner of this announcement warrants that: (i) the releases contained herein are protected by copyright and other applicable laws; and (ii) they are solely responsible for the content, accuracy and originality of the information contained therein. Source: Stonesoft Oyj via Thomson Reuters ONE [HUG#1628779]