Mu-4000 Security Analyzer
The Mu-4000 Security Analyzer is a security analysis platform that embodies a systematic and repeatable process to identify programming implementation flaws in protocol implementations that create security vulnerabilities or robustness weaknesses in any IP-based system, application or network device. The process does not end with the discovery of these weaknesses. The Mu-4000 dynamically generates actionable remediation information on-demand to assist in pinpointing and resolving the discovered issue(s), verifying the efficacy of proposed fixes through an on-board regression database.
Mu-4000 is a Process
The Mu-4000 offers a complete Security Analysis lifecycle process. The Mu-4000 subjects the target to a virtually unlimited number of attack vectors (stateful mutations), closely monitors the target for user-defined fault conditions and for response time (i.e., latency), and captures the results in a database, and manages the interaction with the target in predictable and repeatable analysis process.
The Mu-4000 also enables best practices and expertise to be shared among Mu-4000 users — either within a distributed organization or between organizations — by providing the ability to export configurations in the form of sharable XML templates. With the introduction of Sharable Analysis Templates, Mu Security gives users a strategic best practice for system testing across organizations. Organizations often find it very difficult to add security metrics or repeatable processes across groups. Typically, only a small, specialized incident response group within a company has security expertise, whereas the larger product certification/testing group often lacks sufficient security knowledge to test for product robustness.
Mu-4000 Templates Easily Share Analysis Specifications
Mu-4000 is a Platform
The Mu-4000 platform is extensible, which enables organizations to add their own existing tools as external attack vectors. The Mu-4000 Security Analyzer platform can easily integrate with and leverage any existing test procedures or scripts in which a customer has an investment, and allow the security testing process to be centrally monitored, managed and coordinated. Such a platform approach can help create more value from the legacy tests. The Mu-4000 can also be controlled programmatically via the XML-based Remote Automation Interface (RAI) so that the integration with existing lab infrastructure can go both ways…either the Mu-4000 can add its automation to legacy tools by automating them, or the Mu-4000 can become part of an automation scheme if it already exists.
Mu-4000 is an Appliance
The Mu-4000 is a self-contained, rack-mountable (2U) appliance that includes four Gigabit Ethernet and two serial ports for interfacing to the targets being analyzed, two power relay plugs for off/on recycling of systems that lock up during a failure, and both Ethernet and serial management console ports. The use of multiple device interfaces allows parallel testing for comparison purposes, as well as for load-balancing or distributing attacks. The ability to restart the target device, either with a software reset or by cycling power, allows tests to proceed to completion unattended.
Mu-4000 is a Security Auditor
The Mu-4000 characterizes the security and robustness stance of the protocol implementations within an IP-based device or application. It incorporates virtually unlimited systematic and comprehensive attack vectors (mutations). And, like an auditor, it provides actionable and reproducible reporting to accelerate remediation to eliminate potential exploits. This fine-grained process allows easy comparison of products and product releases.
Click to see a larger image
The ability to graphically compare devices or applications based not only on “hard faults” (e.g., system crashes) but also “soft faults” (e.g., memory leaks, response time degradation, etc.) gives the auditor a more complete picture of the relative suitability of a component to a given deployment scenario. Latency-sensitive applications unable to process valid data in specific timeframes may not meet response-time goals or service level agreements. Mu’s Response Time Charts interactively expose quality and availability issues to accelerate remediation. Customers can actively gauge a system's ability to maintain control and specific performance levels while processing unexpected inputs.
Charting Response Time and Latency with the Mu-4000
Click to see a larger image
Mu-4000 is a Perfect Storm in a Box
The Mu-4000 equals a perfect storm in a box. It helps customers of many industries reduce vulnerabilities, improve robustness, and build the foundation for a proactive security-enabled lifecycle management process. One of the key elements of Mu’s “perfect storm” is a nearly infinite number of dynamically generated stateful protocol fuzzers.
Most commercial and open source static fuzzers focus only on the protocol specification without any regard to how the target's implemented or deployed. This approach tends to have a least-common-denominator effect, making many static attack vectors irrelevant in the real world.
Mu Security’s Dynamic Stateful Fuzzing engine overcomes these major limitations by first accessing the target system to map out the target’s exact capabilities. After this step, the engine computes a set of attack vectors tailored to the target, and then dynamically executes them. The result is much deeper attack surface coverage with more vulnerabilities being uncovered. Mu also dynamically constructs attack vectors over and beyond what Mu provides out-of-the-box.
Many protocols have multi-packet exchanges, like HTTP or SIP dialogs. The only way to get deep coverage of the protocol implementation is to exercise it in all its valid and invalid states. Only the Mu-4000’s dynamic stateful fuzzing engine can deliver structurally and semantically invalid attacks in all the relevant states of stateful protocols. These attacks include valid packets sent at the wrong time, or packets that are never valid, but are designed to cause damage to the code that implements the protocol’s state machine(s). This latest Mu-4000 provides deeper and broader attack surface coverage, and enables customers to significantly reduce service-impacting vulnerabilities.
For Service Providers Customers:
- Product Selection, robustness benchmarking and bakeoffs
- Security profiling of new releases as part of change control process
- Patch verification
- Configuration-specific testing
- Policy change verification
- Auditing of network security devices and applications
- Internal application security testing
For Vendors and Developers:
- Creation of security profiles, analysis templates
- Pre-release product certification
- Patch verification
- Comparative testing across releases
- Protocol hot-spot identification
- Platform for customer-generated tests and scripts
To get more details about the Mu-4000 product, download the Mu-4000 Solution Brief.
Back to top ^
|
