Start up security vendor, Mu Security, is dead set on stopping network attacks before they have a chance to get started.
The company announced the Mu-4000 Security Analyzer, an appliance that uses a systematic and repeatable process to identify unknown and known security vulnerabilities in any IP-based system, application or network device without requiring access to any source code.
The product targets service providers and vendors rolling out new products, but ultimately it's enterprises that stand to gain from the "vulnerability torture chamber" Mu's product inflicts on network products that are often the source of malicious attack, according to Ajit Sancheti, Mu's co-founder and CEO.
"This product will drive vendor accountability. If this works out well and right then all products will be more secure and will have security built in. We're trying to raise accountability across the board," said Sancheti.
Security analyzers proactively identify and help remediate vulnerabilities before systems and applications are deployed in production networks. The Mu-4000 employs a three-stage process that mutates communication between systems to emulate the myriad vulnerability discovery techniques hackers use, actively monitors the results to identify successful attacks, and manages the automated analysis to isolate and characterize the failure for rapid remediation. The extensible design supports internally-developed or third-party security analysis suites, enabling vendors, enterprises and service providers to methodically analyze products and applications for security vulnerabilities during the development or evaluation stages, prior to release or deployment.
"Every network product, system, and application is subject to the inevitable software security flaws that creep in during product design and development. Layered software architectures and multi-team, multi-vendor implementations are a breeding ground for security exploits and software flaws," said Joel Conover, principal analyst with Current Analysis. "To minimize the impact of these flaws, systems must be subjected to myriad hacker attack mutations that can expose previously undetected flaws before a product is put into production. Likewise, there must be a means for monitoring security vulnerabilities in order to pinpoint the cause of an exploit. And lastly, there must be a method for managing and automating the process of detecting and isolating flaws for unattended use by non-experts."
According to the company, the Mu-4000 has already uncovered more than 40 new zero-day vulnerabilities in a diverse set of IP-based products in the consumer, enterprise and service provider markets, including e-commerce servers, home gateways, point-of-sale systems, VoIP phones, database applications, network switches, routers, firewalls, IDP devices, UTM systems and others. Once vendors remediate these newly-discovered zero-day vulnerabilities, Mu is planning to publicly disclose specific details.
Motorola, one of Mu's early adopters, is finding the tool useful in tightening security in its company's ongoing, massive product development effort. According to Anson Chen, corporate vice president and general manager of Motorola's global software group, the company employs 15,000 software developers and so he set out on a company-wide secure program initiative. The effort includes tools, processes, and training materials that let engineers take security into consideration as they develop software.
"We were one of the first beta customers. We use a variety of products at Motorola ... if you look at all the problems that we have with attacks … design flaws, coding errors, protocol error," said Chen. "Think from a hacker community perspective in which over 80 percent of the type of attacks explore some vulnerabilities that are protocol related. And Mu Security as a tool helps us test shortcomings of a protocol."