TIA Member Spotlight:
TIA welcomes one of its newest members, Mu Security!
 Mu Security ensures that service providers and their vendor suppliers build and maintain networks and IP services that are reliable, available and secure. Mu solves an operator’s service assurance problems by uncovering product weaknesses and vulnerabilities that inflict costly Next-Gen IP application (e.g., VoIP, IMS, IPTV) downtime. Equally critical to both service providers and their vendors, the Mu-4000 Security Analyzer helps customers automate a systematic and repeatable process to identify weaknesses that compromise the reliability, availability or security of services, applications and products on an IP network. Users of the Mu-4000 leverage the product's embedded remediation documentation to address any problems highlighted by the analysis quickly. Mu complements defense in-depth network security strategies by ensuring that all elements on the network meet a minimum threshold of quality.
Since Mu's debut of its flagship Mu-4000 Security Analyzer appliance a little more than 18 months ago, the company has achieved significant customer traction. One third of the world's 15 largest service providers and cable operators now use Mu; Mu's customers represent one half of the revenue in the global network, application and security infrastructure market; and Mu's customers represent one third of the revenue in the global industrial control manufacturer market.
 Dave Kresse is CEO of Mu Security. He was previously vice president and general manager of the storage management and application integration business unit at NetApp, where he led the company's rapidly growing application integration and data/storage management software business. Dave also led NetApp’s content delivery business during his tenure. Previously he was part of the executive team at PowerSchool, Inc. (acquired by Apple Computer), growing its revenue and customer base nearly 10-fold over a two-year period. Dave has also served as a case team leader and consultant at Bain & Company, a strategy consulting firm. Dave holds a BA degree in human biology from Stanford University and an MBA degree with distinction from the Wharton School, University of Pennsylvania.
Mr. Kresse spoke with TIA Network about Mu Security.
 Give us an overview of Mu Security’s award-winning Mu-4000 Security Analyzer.
 The Mu-4000 appliance is widely deployed in the product acceptance, operations and deployment labs of many leading global service providers and their vendors. The Mu-4000 scientifically probes any IP-based software or hardware product for both known and unknown vulnerabilities.
Mu Security's unique methodology, including the patented Protocol Spidering™ technology and embedded remediation suite automates vulnerability testing, security compliance, static analysis and applies Mu’s remediation tool suite to defect tracking and scoring. One-touch automation and regression testing helps users clearly document reliability, availability, and security issues to address, and characterizes the relative robustness of any networked product.
In addition, Mu Security and its Mu-4000 Security Analyzer have received many product and company awards. Details of the 15 awards received to date are detailed online. The company is also a 2008 finalist for SC Magazine's "Best Security Software Development Solution" to be announced in February 2008.
Please tell us about Mu Security’s Product Architecture.
The Mu’s embedded ability to intelligently fuzz traffic is one of its strongest selling points. Unlike vulnerability scanners or penetration tools that check only for known vulnerabilities, an integrated fuzzing engine uncovers previously unknown vulnerabilities or weaknesses by hitting network devices with mutations of normal packets and commands. The Mu-4000 deeply understands more than 50 different protocols (e.g., IPv4, IPv6, SIP, H.323, CIFS, ICMP, and SSH, among others including industrial control systems protocols such as Modbus, MMS, DNP3, etc.) and generates malformed traffic in millions of ways. The Mu-4000 includes the capability to automatically restart hung hosts and capture packet traces (in PCAP, XLS or PDF forms) of both sent and received traffic. The Mu also captures activity in the target device’s network interface or management port, and fire off scripts or kick-start other monitoring devices when a particular event happens.
Mu recently published a TCO/ROI study featuring input from larger service providers and cable operators. What metrics did the study uncover regarding costs of downtime and suggestions for reducing customer churn?
The recently-released study of network operators and their suppliers found that with existing analysis techniques, many network robustness issues go undetected until the worst-case scenario happens and network downtime or malicious access occurs. NSP Partners found that most existing analysis techniques provide limited value and cover only the “shallow end” of the product’s communication attack surface “pool” through homegrown scripts. For example NSP found that downtime in service provider networks usually results in lost revenue due to SLA penalties and increased customer churn – poor ROI and TCO metrics follow. The study detailed both residential and business hourly revenue loss metrics for service provider network outages in one metro area where 100,000 residential customers and 2,000 business customers are affected by an outage. In these service areas, residential losses are estimated to be more than $8,300 per hour and business losses nearly $6,950 per hour.
Tell us the value you gain from your TIA membership.
Our operator customers represent some of the larger TIA members and share our interest in filling a critical void in the market today. Nothing previously available has been able to probe as effectively for flaws caused by layered protocols and their many interdependencies. TIA also stands at the crossroads of many Next-Gen IP applications and services that will become the revenue lifeline for countless operators in the near future. The ability to ensure maximum uptime for these Next Gen IP services requires a broader service assurance approach, which is very different from what is currently available. Equipment vendors, service providers and large enterprise organizations all benefit from Mu’s automate service assurance solution during Product Selection, Development Testing, Improving Vendors’ Product and Product Deployment.
< Back to Top > |
