Select ROI Case Studies 
Leading service providers and software/hardware vendors worldwide have deployed the proactive service assurance solution from Mu Dynamics. You can also now register for a new TCO/ROI Internet Telephony Webcast and visit the new VoIP Robustness Portal.
Here are several featured ROI case studies:
A Major Cable Service Operator
A major North American cable triple-play multi service operator (MSO) actively uses Mu’s solution to improve security testing of their network equipments – and after only a year has achieved many business benefits.
Challenge: Robustness Issues Went Undetected
The security experts at this Cable Service Provider previously used homegrown scripts, and other open-source tools to test for security weaknesses. The problems they found with manual testing were relatively obvious; many subtle security flaws went undetected.
Benefit: 10x Test Coverage
With Mu’s security analysis solution, the Cable Service Provider estimates achieving ten times greater test coverage compared to the manual approach. Using the Mu-4000 appliance, the Cable Service Provider quickly found flaws in a critical VoIP network element. These flaws would have resulted in serious denial-of-service conditions in the production network equating to opportunities for expensive network service outages.
Challenge: Scarce Security Knowledge in Silos
In the past, a small, specialized security incident response group did all security testing. This Service Provider used employ three staff security experts who spent 20–40% of their time on security testing. These are expensive resources and they are difficult to attract and retain. In contrast, the large product certification testing organization did not have sufficient security expertise to test for security. Without the Mu-4000, it would have been near impossible to add security metrics or process to this organization.
Benefit: Knowledge Dissemination and Best Practices
By handing off the “heavy lifting” of testing to a Mu-4000 system to automate, the security group now defines testing criteria and disseminates sharable security analysis templates to the rest of the organization to ensure common best practices. With this streamlined process, the efficiency of the organization as a whole has been improved.
Benefit: Finding Bugs Early Saves Time and Money
The Cable operator also uses the Mu-4000 for new product evaluation and bake-off. By finding robustness issues as early as possible in product selection, it saves time and money in service deployment.
Click Here to Learn More about Mu's Cable Operator & Service Provider Solution
Back to top ^
A Tier-one Service Provider
This service provider provides fixed and mobile voice, data, video, and Internet services to millions of residential and business customers. It has a large security team and does rigorous testing of products in its labs. Before purchasing the Mu-4000 it had multiple challenges including:
- An inability to assess and quantify the negative effects of protocol fuzzing on the product under tes;
- An inability to test how firewalls, IDPs, and other signature-based security enforcement devices block published vulnerabilities;
- Labor-intensive and time-consuming security testing outpacing staff on hand and planned budget staff expenditures.
After evaluating multiple security test vendors, the service provider selected Mu Dynamics's service analyzer because of its unparalleled capability for comprehensive protocol negative testing using its protocol mutation engine, the ability to test using published vulnerabilities, its automation capabilities, ease of use, and comprehensive remediation reporting.
The service provider currently uses several Mu-4000 systems in disparate locations for:
- Product Selection: Evaluating products from multiple vendors before and after purchase for deployment in the network based on protocol robustness.
- Development Testing: Determine vulnerabilities and risks associated with new applications and network service configurations, and using reports and tools to remediate problems.
- Improving Vendors’ Product Quality: Work with vendors to fix protocol vulnerabilities and make their products —– and as a result, their own service offerings — more robust.
- Product Deployment: Ensure that products and software releases deployed in the production network are robust to protocol vulnerabilities.
For this service provider, the Mu-4000 provides a framework for automated negative testing, greatly increasing the efficiency and scope of their protocol testing. The results include proven operational improvements of their business including higher levels of service availability and a more efficient and comprehensive test and certification process.
Click Here to Learn More about Mu's Cable Operator & Service Provider Solution
Back to top ^
SonicWALL
SonicWALL, a leading security appliance manufacturer, uses Mu’s Published Vulnerability Analysis (PVA) subscription service to improve their product’s IDP signature capabilities to better root out network-borne vulnerabilities.
SonicWALL calculated the Mu-4000 paid for itself in only one month. The cost savings was due to a combination of reduced testing costs and soft dollar savings associated with finding product quality problems before its appliance are deployed in production networks. Problems in production networks also results in negative press coverage and a degraded reputation among customers, both of which can devastate business.
Before deploying the Mu-4000, SonicWALL used brute-force manpower, homegrown test scripts, open source tools, and other third party test platforms to perform network security testing. It really had no effective solution. Prior to using the Mu-4000, the signature team achieved nearly 60% PVA test coverage. After using the Mu-4000, SonicWALL now generates closer to 90% coverage against known vulnerabilities, much greater efficiency, and better reporting capabilities. Because the Mu-4000 provides detailed remediation tools that streamline the interaction between QA and Engineering, SonicWALL finds it much easier for developers to reproduce and fix problems. This allows developers to fix problems in hours instead of days (or weeks for some problems). SonicWALL also uses the Mu-4000 for one-touch regression testing. Beyond offering them a time-based product quality improvement chart to show customers, this is a very efficient metric and ensures new software does not decrease the product’s PVA score.
The Mu-4000 is also being is used for competitive analysis. By applying the appliance to analyze competing products in its test lab, SonicWALL gains important competitive intelligence information that allows account managers and sales engineers to undermine the competition and close competitive information in deals more quickly. Account managers and sales engineers also closed a $500,000 business deal where competitive information derived from the Mu-4000 helped close the sale.
SonicWALL knows IP-borne threats have evolved over the last few years from script-kiddies to international organized crime. These groups are sophisticated and operate a profitable business. It is very difficult to keep one step ahead but the Mu-4000 is an important tool to help focus its development team around this effort while ultimately building a higher-quality product.
Click Here to Learn More about SonicWall's Use of Mu in their Software Development Lifecycle
Back to top ^
F5
F5 is a leading application security vendor that sells software and network appliances that help enterprises improve application security, optimization, and availability. The Mu-4000 is used as part of the SQA test process. The key benefit to F5 from protocol robustness testing is identifying and repairing bugs before software is released.
This is important because:
- Protocol bugs in production networks result in customer product quality concerns and negative press coverage which often has serious financial consequences
- The cost of finding and fixing bugs in a production network is one to several orders of magnitude higher than fixing bugs in QA (or earlier):
- Systems engineers must get involved and work the problem
- Customer support must reproduce bugs
- Sustaining engineering must reproduce and fix bugs
F5’s key reasons for using the Mu-4000 are:
- To improve the quality of SQA testing and improve customer satisfaction
- The protocol mutation capabilities are excellent, dynamic and offer superior code coverage
- Sophisticated monitoring and reporting allows engineers and managers to identify and track problems
- Linux executables and PCAP files help developers reproduce and fix bugs quickly
Before deploying the Mu-4000, F5 performed manual protocol testing using scripts and open source code. With this approach it could find and fix only the most obvious problems. The Mu-4000, however, allows F5 to achieve significantly higher code coverage, finding subtle corner cases and find hidden boundary conditions, and reach previously unknown corner cases. Serious bugs causing system crashes have been identified and fixed before releasing the product resulting in higher customer quality and lower support costs with far fewer field 'fire drills.'
Click Here to Learn More about F5's Use of Mu in their Software Development Lifecycle
Back to top ^
|
