There may — will, according to Mu Security — come a time when signature-based vulnerability assessment by itself is no longer a viable testing option. Due to rapidly evolving architectures, complex systems and applications, and tighter interaction between applications and their environments, traditional exploit-based vulnerability assessment will begin to fall short of the results organizations need. Evidence that this is beginning to occur is the prevalence of zero day exploits.
Zero day exploits are security holes often found because a protocol implementation misbehaves. This is a case, usually, of coding or software engineering errors, not the protocol itself. The Mu 4000 is a vulnerability testing tool that exercises every protocol the device under test is capable of using. This means that often there are thousands of possible protocol mutations that the Mu 4000 tests. When the device being tested fails the mutation exercises, a potential security hole has been identified whether there is a pre-known signature or not.
When we describe the Mu 4000 to security experts, we often hear that they view it as a fuzzer. Mu does not deny that. In addition to protocol mutation, the tool does perform some fuzzing, but they describe the fuzzing as stateful. The benefit is that this approach is repeatable and has the capability of regression testing built in. This is an example of Mu Security's forward thinking.
Some of the future approaches that Mu is investigating will allow it to develop tools that can address very large networks. As mentioned in a recent talk by a Department of Defense (DoD) expert, the DoD network called the GIG (global information grid) today has over five million nodes. Mu predicts that the number in that network alone will grow to 50 million with the advent of widely implemented IPv6. This presents huge vulnerability analysis challenges.
That concept alone — vulnerability analysis versus simple vulnerability testing — is a key differentiator for Mu. It also helps shape their innovation. Looking forward, they are looking for new analysis applications that use the core intellectual property they have developed. They also see their tools as being necessary for a broader audience than they reach today, and they are working on how to address that audience and how to handle the evolving interaction between applications and their environments.
AT A GLANCE
What it is: A highly sophisticated vulnerability analysis tool
Vendor: Mu Security - www.musecurity.com
Cost: $ 45,000-$300,000, depending on protocol subscriptions
Innovation: A completely new approach to vulnerability analysis
What we liked: Everything — this is the most effective vulnerability analysis tool we have used