TMCnews Featured Article
MU Security and NSP Released Service Provider TCO and ROI Study
By Tim Gray, TMCnet Web Editor
Network security analysis systems firm Mu Security (News - Alert) has completed a study designed for Service Providers and network vendors.
The study, dubbed “Total Cost of Ownership”, conducted by Analyst Peter Fetterolf of Network Strategy Partners (NSP) features four case studies of leading global providers using the Mu-4000 appliance to uncover the often hidden metrics of revenue loss due to customer churn, network robustness issues and downtime.
“Many service providers we interviewed face unacceptable levels of downtime or customer churn due to network robustness issues,” Fetterolf said. “Survey participants found that integrating product robustness analysis to discover and eliminate weaknesses and vulnerabilities reduces downtime and customer churn.”
In fact, says Fetterolf, in more than one instance, participants noted that the integration of robustness negative analysis into their deployment and development processes paid for themselves in less than a month by reducing customer churn or field fire drills.
NSP and Mu Security also leveraged this new primary research to create an online calculator site: MuSecurity.com/solutions/calculator.html.
Mu Security and NSP will host a Web cast on Thursday, Dec. 6 at 8:00 a.m. PST to discuss how leading service provider and cable operator customers are improving networked application or service availability and reliability by addressing robustness and resiliency factors before any networked product is deployed into a production environment.
The interactive TCO & ROI calculator, whitepaper, and Web cast specify both “Service Provider Costs for Downtime and Churn” and “Service Provider and Developer Savings (Test & Certification).” ROI content and Web cast registration is available online by clicking: http://www.musecurity.com/solutions/calculator.html.
The new study found that with existing analysis techniques, many network robustness issues go undetected until the worst case scenario happens and network downtime or malicious access occurs. Simply put, existing analysis techniques provide limited value. Most cover only the “shallow end” of the product’s communication attack surface “pool” through homegrown scripts, use of commercial stateless protocol fuzzing software and other open-source tools to test for security weaknesses.
The problems found with manual testing are relatively obvious; many subtle system weaknesses and security flaws went undetected. VoIP system flaws—for example, in Session Initiation Protocol (News - Alert) (SIP)—would have resulted in serious denial-of-service conditions in the production Internet telephony networks equating to opportunities for expensive network service outages.
Another study finding was the desire to virtualize the user’s specialized security incident response group through the automation engine of a Mu-4000 analyzer. Service providers all wanted the ability to define testing criteria and disseminate sharable security analysis templates to the rest of the organization to ensure common best practices. With this streamlined process, the efficiency of the organization as a whole has been improved.
This month Mu Security also released its next generation security and robustness analyzer solution with new features including sharable analysis templates, interactive graphical response time charting and dynamic stateful protocol fuzzing as the basis for robustness analysis. Mu customers including Redback noted their particular use cases on eliminating product downtime, customer churn and ensuring the highest possible product quality.
“As a leading provider of products used in the world’s largest triple-play networks, Redback assures its carrier customers the highest levels of security for critical applications that require robust performance,” said Rod Couvrey, vice president of software engineering at Redback. Mu Security and their innovative Mu-4000 appliance help ensure that the Redback software engineering team leverages security analysis as a best practice to identify and remediate possible product vulnerabilities or quality issues as early as possible in our development lifecycle.”
TCO and ROI Study participants received no compensation or special consideration to participate. Both service providers and their vendors were provided a set of 10 audience-specific questions and asked to reply via one-hour interview within 30 days including metrics specific to their analyzer installation.
Tim Gray is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Tim Gray’s columnist page.