Trade fair season – Adyton Systems enters the Belgian market

Being at Infosecurity in Brussels was great for us as newcomers to the Belgian market. Being a vendor of next-generation firewalls »made in Germany« sparked the interest of many visitors; in Belgium, »IT security made in Germany« is not yet a familiar label.

Our stand was well presented, and many people were curious about the new kid in town.

Many of the companies we spoke to during those days were looking for something genuinely new: extra security on top of their existing UTM or firewall. Well, they came to the right place!

The most important issues for our visitors were related to:

- How can I control users who bring all sorts of mobile devices onto my network?

- How do I deal with the applications they are running that I don't even know about?

- How do I secure and control my Wi-Fi networks?

- How can I get more visibility? How can I see what is happening on my network, both in real time and going back in time?

- How can my network be even more secure?

- And last but not least: Why are you better than other companies, and what are your unique selling points?

We were able to give all of them a good overview of Adyton Systems’ key facts and gave them a deep insight into NETWORK PROTECTOR.

Our visitors covered a wide range of profiles, from small resellers to large integrators, local and national government, and international companies. Most of the people I spoke to were technical experts (pre-sales consultants, system engineers, heads of automation, security specialists). It seems to me that everybody needs better and more security, and NETWORK PROTECTOR could be the right solution for these needs.

These were a perfect few days to show our next-generation firewall technology »made in Germany« to a large audience in Belgium!

Starting with a good deed into the New Year: ADYTONians did a secret Santa

Petra Fleischer, Kindergarten "Rasselbande"; Klaus Mochalski, CEO Adyton Systems

While celebrating our Christmas party, the Adyton Systems team organised a “Christmas in a Shoe Box”: all employees wrapped small gifts for the children of the kindergarten “Rasselbande” in Leipzig. This kindergarten is supported by the Volkssolidarität Stadtverband Leipzig e.V., a local charity organisation, and currently cares for 138 children. The parcels were handed over during the Christmas party at the kindergarten. Bright children's eyes and the most beautiful smiles were worth all the effort. We also very much enjoyed the kindergarten-made Christmas cookies. Starting the year 2013 with a good feeling, we wish you an enjoyable, healthy and successful New Year!

Next-Generation Firewalls vs. next-generation firewalls

It is trade fair season again, and Adyton Systems has exhibited at Gitex in Dubai and it-sa in Nuremberg, and this week will be at Infosecurity.nl. Roaming the fairgrounds always provides ample opportunity to marvel at the latest marketing hype. What struck me this time is the seeming omnipresence of next-generation firewalls at firewall vendor booths. In fact, it seems impossible these days to find a firewall which is not “next generation”. And many of the vendors who claim to have one have been building firewalls for ten years and more. So is the recipe for turning a legacy firewall into an NGFW really as simple as “take a stateful firewall, add application and user awareness and sprinkle some intrusion prevention on top”? Or is there something that makes a real (uppercase!) Next-Generation Firewall?

For starters, I personally dislike the term NGFW. Everything is next generation. Always. So it has been meaningless right from the beginning. But there actually is a huge difference between stateful-firewalls-turned-next-generation and true Next-Generation Firewalls built from scratch. If we start with an ordinary unified threat management (UTM) system and add an application control engine (the better ones come from ipoque, Qosmos or Vineyard), what usually happens is a significant drop in throughput on a given hardware platform, because yet another packet processing stage has been added. And UTMs already have several daisy-chained engines (stateful filtering, antivirus and sometimes intrusion prevention), each of which parses the same packets again and happily burns expensive CPU cycles.

A true NGFW, in contrast, uses a so-called single-pass engine: each packet is processed in one stage only, and that stage incorporates the signature intelligence for application control, antivirus, malware detection, URL filtering and intrusion prevention. It is designed so that all these components work tightly integrated at high throughput even when every feature is activated and a large rule set has to be evaluated. This improves performance, and it improves security as well, because nobody has to switch protection features off to get the throughput back.

Having built an NGFW from scratch with Adyton Systems over the course of three years, and having closely watched firewall vendors add application awareness (at my previous company, ipoque, which offers an application classification engine), I have come to the conviction that it is impossible to turn a legacy firewall into an NGFW without completely rebuilding it from the ground up.

ACAD/Medre.A or the first widely known AutoCAD malware

A few days ago I received a pretty unusual malware sample from a friend: it was written in a LISP dialect (AutoLISP) and for the Windows Script Host (WSH). Its target: AutoCAD.

What I found particularly interesting was the infection vector. A certain Chinese company apparently required its business partners to use a specific AutoCAD template, and that template was infected with the malware. The malware had just one goal: forwarding every file opened with AutoCAD to around 45 e-mail addresses hosted on two big Chinese web portals, qq.com and 163.com.

The malware is a mix of AutoCAD's LISP dialect and WSH. Interestingly, it uses LISP to generate the VBScript file and then runs it. The author made some poor design decisions, such as sending mail through a CDO.Message instance (the Windows Collaboration Data Objects mail component) via fixed public SMTP servers (smtp.163.com and smtp.qq.com), which would probably be blocked in most company networks.

What can we learn from this? Administrators should restrict desktops in the company network so that they can speak SMTP only to the company's own mail server. Block SMTP traffic from desktops to the Internet (TCP 25, and the submission ports 465 and 587 as well) and log every blocked attempt. If a desktop shows up in your log file trying to open a direct SMTP connection to an external server, it may be infected with malware of this kind, since a properly configured mail client never needs to do that.
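As an added example (this is not code from the original post, from Adyton Systems or from the malware), the following Python script implements that policy in two ways: it generates the netfilter rules that allow desktop SMTP to the company relay only, log everything else and reject it, and it triages the resulting firewall log to list which desktops attempted direct SMTP to the outside and how often. The desktop subnet, the relay address, the `SMTP-OUT` log prefix and the log lines themselves are constructed assumptions for the demonstration.

```python
"""Egress policy for desktop SMTP, plus triage of the firewall log it produces.

Assumed network layout (hypothetical, chosen for this example):
  10.0.0.0/24   desktops
  10.0.5.0/24   servers, including the company mail relay at 10.0.5.10
"""
import ipaddress
from collections import Counter, defaultdict

DESKTOP_NETS = [ipaddress.ip_network("10.0.0.0/24")]
MAIL_RELAY = ipaddress.ip_address("10.0.5.10")   # the only SMTP peer desktops may use
SMTP_PORTS = {25, 465, 587}                      # SMTP, SMTPS and mail submission
LOG_PREFIX = "SMTP-OUT "                          # prefix the LOG rule stamps on each line

# Constructed sample lines in netfilter LOG format (not captured traffic).
SAMPLE_LOG = """\
Jun 21 09:14:02 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=49152 DPT=25 SYN URGP=0
Jun 21 09:14:05 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=49153 DPT=25 SYN URGP=0
Jun 21 09:15:40 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=49160 DPT=465 SYN URGP=0
Jun 21 09:20:11 fw kernel: SMTP-OUT IN=eth1 OUT=eth2 SRC=10.0.0.33 DST=10.0.5.10 LEN=60 PROTO=TCP SPT=51000 DPT=25 SYN URGP=0
Jun 21 09:21:00 fw kernel: WEB-OUT IN=eth1 OUT=eth0 SRC=10.0.0.33 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=51003 DPT=443 SYN URGP=0
Jun 21 09:22:45 fw kernel: SMTP-OUT IN=eth2 OUT=eth0 SRC=10.0.5.2 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=40000 DPT=25 SYN URGP=0
"""


def is_desktop(ip):
    """True if the address belongs to one of the desktop subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DESKTOP_NETS)


def smtp_allowed(src, dst, dport):
    """Policy decision: a desktop may open SMTP connections to the company relay only.

    Non-SMTP traffic and traffic from non-desktop hosts are outside the scope of
    this rule (they are governed elsewhere) and are therefore reported as allowed.
    """
    if int(dport) not in SMTP_PORTS:
        return True
    if not is_desktop(src):
        return True
    return ipaddress.ip_address(dst) == MAIL_RELAY


def iptables_rules():
    """Netfilter rules enforcing the policy: accept relay, log the rest once per
    connection attempt (SYN only, to keep the log readable), then reject."""
    ports = ",".join(str(p) for p in sorted(SMTP_PORTS))
    rules = []
    for net in DESKTOP_NETS:
        rules.append(f"iptables -A FORWARD -s {net} -d {MAIL_RELAY} -p tcp "
                     f"-m multiport --dports {ports} -j ACCEPT")
        rules.append(f"iptables -A FORWARD -s {net} -p tcp --syn "
                     f"-m multiport --dports {ports} -j LOG --log-prefix '{LOG_PREFIX}'")
        rules.append(f"iptables -A FORWARD -s {net} -p tcp "
                     f"-m multiport --dports {ports} -j REJECT --reject-with tcp-reset")
    return rules


def parse_log_line(line):
    """Extract SRC/DST/DPT from a netfilter LOG line; None if it is not a TCP record."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if fields.get("PROTO") != "TCP" or not {"SRC", "DST", "DPT"} <= fields.keys():
        return None
    return {"src": fields["SRC"], "dst": fields["DST"], "dport": int(fields["DPT"])}


def find_direct_smtp(log_text):
    """Map each offending desktop to a Counter of (destination, port) -> attempts."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or smtp_allowed(rec["src"], rec["dst"], rec["dport"]):
            continue
        hits[rec["src"]][(rec["dst"], rec["dport"])] += 1
    return dict(hits)


if __name__ == "__main__":
    print("# enforcement")
    for rule in iptables_rules():
        print(rule)
    print("# triage of the sample log")
    for src, targets in find_direct_smtp(SAMPLE_LOG).items():
        for (dst, port), n in targets.most_common():
            print(f"{src} -> {dst}:{port}  {n} attempt(s)  (suspect: direct SMTP from a desktop)")
```

Run against the sample log, only 10.0.0.12 is reported: two attempts to 203.0.113.25:25 and one to 198.51.100.7:465. The desktop that talked to the relay and the server that sent mail directly are not flagged, which is the intended scope of the rule; a server that has no business sending mail would need its own policy line.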

Launching the Adyton Security Blog

It's an amazing time to be working here at Adyton Systems right now. For almost three years we have been developing what we believe to be the next step in the evolution of the firewall. Seeing our concept implemented at actual customer sites, getting valuable feedback from users, discussing the possibilities of entering various markets with our channel partners: it all feels like a reward for the hard work we put into our product. And still, it's just the beginning, and we are excited to see what lies ahead.

But for a company devoted to a holistic approach to network security, it's not enough to focus on the technology alone. To reliably defend a network against the multitude of threats present in today's Internet, it's of paramount importance to stay up to date with current malware and even anticipate future developments. Adyton's Security Research Team is constantly on the lookout for the newest trends, analyzing what the bad guys are up to and what can be done to stop them.

This blog is the place where we intend to share some of that research. Firewall admin or malware analyst, CIO or student, whatever your profession, we hope to provide a valuable service and encourage everyone with an interest in network security to subscribe.