Part 10 - Evasions Techniques - Preso NB
Evasions
Network Security Must Defend Against Layers within Layers
IP Zero-Days
(Fragments, Ordering)
© 2019 Forcepoint | 3
Why Taking a New Approach to Security Is So Important
NSS Labs Tests Forcepoint
The Evasion Gap – Most Vendors Leave Networks Exposed
[Chart: Forcepoint NSS Test Average by year (2012, 2013, 2014, 2016, 2017, 2018)]
Track Record
Vendor 2012 2013 2014 2016 2017 2018
Forcepoint Palo Alto 79 91 60 96 39 98.7
Forcepoint Difference: Strongest Intrusion Prevention
[Diagram: Packet Inspection vs. Forcepoint STREAM Inspection; an EXPLOIT passing through the network stack as fragments (EX, PL, OI, T)]
The Strongest, Smartest IPS – Standalone or integrated
DYNAMIC STREAM INSPECTION: Per-Connection Analysis, Policy-Driven, High Performance
High-Volume Threats; Targeted, Advanced Threats
Access Control
1 CONNECTION CONTROLS: Anti-Spoofing, IP Reputation, Geo-Protection, Invalid Connections
2 USAGE CONTROLS: By User, URL, Application (server & endpoint)
3 COMMAND CONTROLS: Whitelists for app versions & commands; Protocol Proxies to prevent direct connections
Inspection
4 VULNERABILITY INSPECTION: Normalization, Packet Reassembly, Decryption
5 MALWARE INSPECTION: File Filtering & Reputation, Antimalware Scanning, Sandboxing
How We Test For Evasions
EVADER BY FORCEPOINT: Ready-Made Evasion Test Lab
Evader in Action
[Figure: EVADER BY FORCEPOINT (Ready-Made Evasion Test Lab), EXPLOIT]
Evader Resources
Forcepoint.com/evader
YouTube
Demo by Forcepoint SE
Onsite Evader test by Forcepoint SE