Security Startup Says Mu to Bugs
Protocol Spidering detects flaws in any IP-based system, application, or device
April 3, 2006
Startup vendor Mu Security Inc. today launched an appliance that could give users a new vector in their ongoing search for zero-day attacks: the security analyzer.
The Mu-4000 security analyzer is an appliance that uses a systematic and repeatable process to identify vulnerabilities in any IP-based system, application, or network device. This process, called Protocol Spidering, emulates the vulnerability discovery techniques that hackers use, then warns the user of potential system flaws and characterizes their severity.
"What we're doing is essentially the reverse of what a protocol analyzer does," says Ajit Sancheti, co-founder and CEO of the venture-backed startup. "A protocol analyzer examines the network for behavior or code that's out of line with standards or thresholds. Our security analyzer actually creates paths that are out of line with the protocols to identify vulnerabilities that may not have been detected yet."
Initially, the appliance will likely be used by network equipment vendors and service providers that want to identify potential vulnerabilities before bringing a product or service to market. Enterprises may also use the appliance to find vulnerabilities before the vendor does, says Chris Christiansen, vice president of security products and services at IDC.
"With the ability to find security vulnerabilities, users are no longer in the unenviable position of serving as a vendor's outsourced QA [quality assurance] department for debugging vulnerable systems," Christiansen says.There are a variety of tools on the market for analyzing vulnerabilities during the QA process, including SPI Dynamics' QAInspect and Compuware's DevPartner SecurityChecker. However, these tools are offered as troubleshooting applications for the development lab, not as turnkey appliances.
"We want to do it more out of the box," Sancheti says. The company already has identified more than 40 zero-day vulnerabilities with the analyzer, he said.
The Mu-4000 Security Analyzer is available now at prices of $30,000 and up.
Tim Wilson, Contributing Editor, Byte and Switch
Read more about:
2006You May Also Like