About evasion techniques
Evasion techniques are techniques used by cyber-attackers to evade detection by security applications (e.g., Intrusion Detection Systems, Intrusion Prevention Systems, Firewalls, Malware scanners). They can be used for rendering the security applications ineffective or transmitting surreptitious information (e.g., for Command and Control of botnets). They rely on two main vulnerabilities:
- Impedance Incompatibility: The problem of different interpretations of the same network traffic by the Probe and by the target device of the traffic.
- Denial of Services (DoS): The creation of a huge workload for security tools to reduce their performance and/or accuracy.
Thus, the main challenges addressed by Montimage’s solutions are:
- The detection of evasions by differentiating it from normal traffic.
- The detection of known attacks on higher Open Systems Interconnection (OSI) abstraction layers even in case of IP fragmentation or any other type of evasion technique.
- The design and implementation of solutions that are able to avoid the loss of performance of the Deep Packet Inspection (DPI) engine.