Computer networks are built to facilitate the flow of communication, not stop it. Unfortunately, data packets can be manipulated to look normal yet contain an exploit. These techniques evade standard security measures and, in most cases, can deliver a malicious payload without detection. Often, these advanced evasion techniques (AETs) take advantage of rarely used protocol properties in unexpected combinations.
Most network security devices are not capable of detecting them. While many pass industry tests with high ratings, those ratings are based on protection against a limited number of threats. The exact number of AETs is unknown, but it is close to hundreds of millions. To defend against AETs, your network security should incorporate seven critical features into your next gen firewall.