TMCnews Featured Article
Mu Security to Expand Robustness Analysis.
By Tim Gray, TMCnet Web Editor
I recently had the opportunity to speak with Adam Stein, vice president of marketing at Mu Security (News - Alert), about IP communications, robustness testing and the company’s plans for the upcoming year.
Mu Security helps service providers and their diverse product suppliers build and operate higher quality, more reliable and robust networks. Customers need their IP networks to be robust, available and secure to support their mission-critical applications.
As you look back at 2007, how would you describe Mu Security’s experience over the past 12 months?
To ensure network service reliability in VoIP, IMS, IPTV (News - Alert) and Real-time media deployments, the continuum of semiconductors, software and hardware that make up the underlying IP-based ecosystem must be put through rigorous robustness testing. Mu’s customer base in each of these areas is benefiting with higher quality products, fewer vulnerabilities or robustness weaknesses. Given the increasingly interconnectedness and complexity of networked applications that are utilizing open source development tools, robustness testing is even more critical today to avoid costly downtime.
Why? From the service provider perspective, network outages or slowdowns threaten service level agreements (SLAs) and this directly impacts revenue and customer churn. On the enterprise side, Mu’s customers are finding poor network response times or service interruptions can wipe out transactions, kill employee productivity and/or stall time-sensitive projects.
What were some of the highlights of 2007?
Cable and Service provider adoption rate, throughout the product deployment lifecycle. Leading product developer’s integration of robustness testing throughout software development lifecycle. The need for service differentiation is fundamental and is being amplified as industry deregulation creates fierce competition. As the competition increases, it will be essential for providers to position themselves appropriately to take advantage of its core competencies and to prepare for the next generation quadruple-play environment.
Though the Voice over IP (VoIP) market is particularly attractive from a commercial perspective, operators are remaining cognizant of the ever-present business and technology risks associated with VoIP service rollout. One of the primary risks involved with deploying services on top of emerging technologies is that there are many new and complex protocol interactions involved between disparate vendor products, and this can lead to diminished service quality and ultimately increased customer churn. In the case of VoIP services, these risks are compounded by an extreme intolerance for service-affecting conditions such as application latency and robustness issues.
By incorporating a robustness testing platform into business processes, both operators and developers ensure the deployment and hand off to Operations a high-quality infrastructure that customers depend on.
What can our readers expect to see from Mu Security in 2008?
Additional in-depth and stateful protocol mutation exploration is tops on our customer’s want list. It is increasingly apparent that networks are becoming more and more fragile, which is evidence of the disparity between the increasingly rapid ability to develop ever more complex software compared to the essentially nonexistent capability to do negative testing (i.e., developers are able to create new features at a far faster rate than traditional test tools can evaluate them for quality). The pace of application development has left traditional testing methodologies in the dust, and networks have become increasingly application-aware – so we have a complex, fragile mess instead of a well-oiled machine.
Are you planning any new product rollouts early in the year?
Of course, Mu will continue to expand throughout layers 2-7 robustness analysis. In fact, we’ve already discussed (http://www.infoworld.com/slideshow/2007/12/139-mu-4000_securit-1.html) several new Mu-4000 capabilities in this new InfoWorld online review/demonstration. The more complex the protocol, the more difficult it is to find the right protocol configuration settings to create a successful connection. The mutation explorer helps point the way by listing the sequence of steps in the protocol exchange, highlighting exactly where failures occur, and decoding the protocol exchange down to the field level. The Mu-4000 shows valid ranges for each field and the effect of the mutation on the formerly pristine packet.
What are some of the industry trends that you’ve been keeping an eye on and what effect will they have on Mu Security’s roadmap as we head into 2008?
Several trends are growing. Increased use of open source, standardized development and outsourcing all feed into the growing need for VoIP, IPTV and IMS robustness testing. For example, a competent hacker armed with a Universal or IP multimedia Services/Subscriber Identity Modules (U/I-SIM) card could tunnel their way into the network as an "authenticated user". Once inside, they encounter little resistance.
Continuing on the IMS these, this real-time deployment system has a heavy dependency on perimeter security. Once you penetrate the outer parts of the system the whole system is open to you. It’s akin to a polar bear taking on an igloo; crunchy on the outside and chewy on the inside. Once inside the perimeter, the attacker can target the complex web of distributed IMS core network functions and servers because they are all connected via IP. That includes the home subscriber server (HSS), which stores and provides real-time customer data.
And because IPSec is the IMS specified core level network layer security once IPSec tunnels are established with the packet data gateway at the perimeter the hacker can flood the network with traffic, launching denial of service (DoS), spoofing, and various other attacks potentially jeopardizing service revenues.