Mu Security earlier this month made its debut with a security analyzer called the Mu-4000 that can probe and discover new vulnerabilities in a variety of IP-based network gear, including switches, routers, VoIP phones, Web servers and firewalls.
The Mu-4000 is intended for a test-lab environment and runs a probe on network equipment before it’s deployed, says Ajit Sancheti, co-founder and CEO of the Sunnyvale, Calif.-based startup. To ferret out the equipment’s unknown weaknesses, the probe launches attacks that simulate possible hacker actions.
“This is an engine to generate millions of unique attacks,” says Sancheti, who started the firm with CTO Kowsik Guruswamy. The co-founders have worked together since the 1990s when Guruswamy was chief architect and Sancheti was director of product management at OneSecure.
OneSecure, a maker of intrusion detection systems, was acquired by NetScreen, which in turn was acquired by Juniper. Sancheti says he and Guruswamy decided to start Mu Security on the premise that there’s a need for better tools to discover vulnerabilities in equipment.
The Mu-4000 process manipulates various protocols, including Border Gateway Protocol, VoIP, Radius authentication, Lightweight Directory Access Protocol, HTTP and FTP, to examine how equipment reacts to assaults.
The Mu-4000 is a rack-mountable appliance that includes four Gigabit Ethernet and two serial ports for access to the targeted equipment. Most vulnerability-assessment tools analyze how software or hardware reacts to known vulnerabilities. Mu Security’s appliance is aimed at uncovering zero-day vulnerabilities — the holes that generally aren’t known to exist.
Chris Christiansen, vice-president of security products and services at IDC, expects Mu Security to have a significant impact if its tool gets widely deployed. “There are likely to be numerous exploitable vulnerabilities in field-installed systems, including database and streaming media applications, routers, firewalls and network-attached storage, that need remediation today,” says Christiansen.
Motorola late last year started using the security analyzer to look for unknown vulnerabilities that might be found in software for Motorola products ranging from network equipment to handsets. “Mu Security is very innovative,” says Anson Chen, a vice-president and general manager of global software at Motorola. “Even when a product is close to shipping, we may find something.”