Mu Security Adds New Security Analyzer 'Adaptive Analysis' Breakthrough; Expands Attack Surface Coverage.Customizable Attack Combination of Protocols, Authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. and IPv4 or IPv6 Transport Help Mu 4000 End Users and Developers Proactively Beat Hackers SUNNYVALE, Calif. -- Please replace the release with the following corrected version due to multiple revisions, including the addition of the word "Coverage" to the headline. The corrected release reads: MU SECURITY ADDS NEW SECURITY ANALYZER 'ADAPTIVE ANALYSIS' BREAKTHROUGH; EXPANDS ATTACK SURFACE COVERAGE Customizable Attack Combination of Protocols, Authentication and IPv4 or IPv6 Transport Help Mu 4000 End Users and Developers Proactively Beat Hackers Mu Security, a pioneer in the new security analyzer market, today announced the release of a new patent-pending dynamic protocol mutation technology known as Adaptive Analysis. An industry first, the Mu-4000 Security Analyzer's Adaptive Analysis innovation allows product developers and their service provider or critical infrastructure customers to broadly analyze any IPv4- or IPv6-based product's attack surface for its security readiness and robustness. Adaptive Analysis customizes the Mu-4000's ability to pinpoint and expedite the remediation of potential 0-day and published vulnerabilities in critical wired and wireless infrastructures, carrier networks and government applications. The extensible Mu-4000 appliance reduces the likelihood of product or service exploits and, ultimately, information theft. Service provider and critical infrastructure users of the Mu-4000 are proactively reducing the likelihood of unexpected service downtime causing possible customer churn or loss of revenue. "After deploying Mu Security's Mu 4000 Security Analyzer, understanding our customer's network security issues during highly complex network changes became a tractable tractable easy to manage; tolerable. problem," said Vijay Nadkarni, vice president engineering with San Jose San Jose, city, United States San Jose (sănəzā`, săn hōzā`), city (1990 pop. 782,248), seat of Santa Clara co., W central Calif.; founded 1777, inc. 1850. , CA-based Veraz Networks, a leading global provider of IP soft switches, media gateways and digital compression products that enable voice, video and other multimedia services over IP. "We have been pleased with the commitment and support provided to us by the Mu Security team and with the system's ability to help us proactively identify complex security issues in widely varying VoIP and underlying SIP configurations." Mu Security's Adaptive Analysis now combines hundreds of protocol attack mutations dynamically using a large number of authentication techniques running over a dozen transport options. This highly customizable approach enables service providers and vendors of security appliances, secure storage systems, triple play provisioning products and consumer point-of-sale products to proactively analyze their unique attack surfaces and remediate a wide range of potentially disruptive vulnerabilities or robustness flaws. "Mu Security's Adaptive Analysis technology proactively probes any product's attack surface," said Peter Fetterolf, partner at Network Strategy Partners. "Customers can now apply millions of customizable protocol attack mutations by combining their ideal combination of authentication and transport environments. Being first to market with a security analysis system capable of evaluating IPv4 and/or IPv6 is a significant advantage over any vulnerability assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. , penetration testing and fuzzing See fuzz testing. products. As IPv6 becomes a requirement for government infrastructure in 2007 and a core part of Microsoft's Vista operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. , the market opportunities for Mu's Security Analyzer grow exponentially." Adaptive Analysis offers immediate impact in proactively isolating and accelerating the remediation of robustness and vulnerability issues in numerous Mu Security customer installations including Veraz, Juniper Networks Juniper Networks, Inc. (NASDAQ: JNPR) is an information technology company based in Sunnyvale, California and founded in 1996. The company designs and sells Internet Protocol network products and services. , Network Appliance/Decru, Motorola, ConSentry as well as a number of undisclosed service provider end users and government agencies. During Mu Security's development, the company also isolated dozens of 0-day vulnerabilities including the open source Asterisk IP-PBX offering to identify and quickly remediate a new 0-day VoIP vulnerability. Adaptive Analysis Delivers Customized Vulnerability Discovery, Expedited Remediation The Mu-4000's Adaptive Analysis helps users dynamically select a lethal combination of protocol mutation attacks in conjunction with specific authentication and transport options. For example, SIP analysis now offers two authentication choices (md5digest or none) along with TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. , UDP UDP (uridine diphosphate): see uracil. (User Datagram Protocol) A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required. , SSLv2, SSLv3 or Transport Layer Security version 1 (TLSv1) transport. As a result, the millions of dynamically created SIP protocol attacks available are combined in more than twenty different ways using Mu Security's Adaptive Analysis range of transport choices and authentication mechanisms. HTTP HTTP in full HyperText Transfer Protocol Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. offers a comparable range of unique combinations over both IPv4 and IPv6 network layer support. This approach differs significantly from any other analysis system, test or measurement platform, vulnerability assessment, penetration testing or basic fuzzing product in the market today. Adaptive Analysis' compounding and customizable approach greatly expands the breadth and depth of the Mu-4000's security analysis capabilities. The new Adaptive Analysis approach also lays the groundwork for tunneling of attacks using a wide range of tunnel encapsulations such as GRE (Generic Routing Encapsulation) A tunneling protocol developed by Cisco that allows network layer packets to contain packets from a different protocol. It is widely used to tunnel protocols inside IP packets for virtual private networks (VPNs). , L2TP (Layer 2 Tunneling Protocol) A protocol from the IETF that allows a PPP session to travel over multiple links and networks. L2TP is used to allow remote users access to the corporate network. , MPLS (1) (MultiProtocol Lambda Switching) The earlier name for GMPLS. See GMPLS. (2) (MultiProtocol Label Switching) A standard from the IETF for including routing information in the packets of an IP network. and IPsec. This allows the attacks to be customized using authentication mechanisms that accurately represent a carrier's unique network. This "mix and match" encapsulation (1) In object technology, the creation of self-contained modules that contain both the data and the processing. See object-oriented programming. (2) The transmission of one network protocol within another. provided by Adaptive Analysis accurately reflects the complex and unique network parameters actually in use in many service providers, critical infrastructure users, government agencies and network equipment providers. "With the addition of Adaptive Analysis, the Mu-4000 offers Veraz Networks and the rest of our growing user base the unique capability to tailor attack vectors for their specific target product configurations in an intuitive, repeatable manner," said Kishore Seshadri, vice president of product management at Mu Security. "For example, every possible SIP combination is dynamically created and thoroughly tested as part of a single analysis that automatically runs to completion. This includes an incredible number of SIP instantiations ensuring service providers deliver a highly-secure and robust VoIP network and their network equipment vendors provide the most scalable and proactively secured product release possible." About Mu Security Mu Security offers a new class of security analysis system, delivering a rigorous and streamlined methodology for verifying the robustness and security readiness of any IP-based product or application. Founded by the pioneers of intrusion detection See IDS and IPS. and prevention technology, Mu Security is backed by preeminent venture capital firms Name Location Founding date Managing Partners/Directors Specialty Capital managed 5AM Ventures Menlo Park, CA; Waltham, MA 2002 John Diekman, PhD (managing partner), Scott Rocklage, PhD (managing partner), Andrew Schwab (managing partner) life sciences $200M [1] that include Accel Partners, Benchmark Capital Benchmark Capital is a venture capital firm responsible for the early stage funding of some very successful startups, including eBay. In 1995, the firm invested $6.7 million in eBay, which became worth more than $5 billion by the spring of 1999 and resulted in one of Silicon and DAG Ventures. The company is headquartered in Sunnyvale, CA. For more information, visit the company's website at http://www.musecurity.com. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion