Klaus Majewski, Stonesoft : AETs are starting to resonate
June 2012 by Marc Jacob
Stonesoft was a sponsor of Hack In Paris, during which Klaus Majewski CISSP, CISA and Stonesoft Director of Business Development gave a talk to the security community on the issue of AETs. According to Klaus Majewski companies are becoming increasingly aware of the problem but are not adequately prepared for this type of attack or the new threats that organizations are now faced with.
GS Mag : Why did Stonesoft choose to be a sponsor of Hack In Paris 2012 ?
Klaus Majewski: We chose to support Hack In Paris because of its relevance to our mission of spreading the word about AETs. Since 2010 we have been informing the IT security community about the dangers attached to AETs. It is an ongoing commitment on our side to pursue the awareness program within the security sphere.
GS Mag : AETs have existed for a long time and there seems to be no solution because of the number of combinations that are possible. Can it be really useful to offer solutions that can at best only offer partial protection?
Klaus Majewski : I believe it’s necessary to tackle the problem and work towards a solution even if today we only cover a limited number of combinations. We at Stonesoft are convinced that if nothing is done the situation will get worse. It reminds me of the anti-virus issue 15 years ago. At the start the security community questioned their usefulness whereas now they are an integral part of daily IT security precautions.
GS Mag : How is the AET problem being handled by the security community in France and elsewhere : in the UK and the US ?
Klaus Majewski : In France, the bigger organizations are starting to take the problem seriously. There are specialist consultancies like the company Advens who now perform AET testing. In the UK the level of interest has grown following a series of conferences and education seminars. In the United States awareness is promoted by testing organisms like NSS Labs and ICSA Labs who include the techniques and recommend adapted solutions. However, test labs up till now only handle the AETS that are easiest to detect so most products respond favorably to the tests. Existing tests do not cover the most complex AETs, which are also the most dangerous. For many of these we provide effective counter-measures with our solutions. Our latest solutions are capable of detecting and blocking comlex AETs.
GS Mag : What are your projects for the future ?
Klaus Majewski : A new version of our products will be released this summer. They will afford enhanced protection againste AETs. We will be making special announcements at the Black Hat Conference this year.
GS Mag : What message do you wish to leave our readers with ?
Klaus Majewski : I would like to tell your readers that many changes are occurring in the security field with the advent of concepts such as Cybersecurity and Cyberwarfare which evoke new threats. Organizations need to reflect on the subject and pre-empt the threats that evolve at high speed and have the capacity to impact all of society. There is talk of disruption from the type of attack that can result in a general electricity cut for a given area. Cloud implementations are still not controlled. We need to prepare for the future and be extremely careful.