[ISN] What are Advanced Evasion Techniques? Don’t expect CIOs to know, says McAfee

http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/ By John E Dunn Techworld 31 March 2014 What is an Advanced Evasion Technique (AET)? According to a McAfee survey, an awful lot of CIOs have absolutely no idea, confusing them with the more famous Advanced Persistent Threats (APTs) that have become an established term on many large organisations’ worry list. The survey of 800 professionals across the US, UK, Germany, France, Australia, Brazil, and South Africa found that only 70 percent were even sure they understood AETs, with 37 percent of those getting the definition wrong. This means that less than half of CIOs can define the term at all. In fairness to CIOs, nobody has heard of AETs because they are, whisper it, pretty dull. They can be explained as subtle techniques designed to get around security boxes such as firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Think of them as packet-level probes that aim to spot weakness in these products such as traffic flows they don’t understand, get confused about or just don’t notice. […]