Mu Security Analyzer busts vulnerabilities with the greatest of ease
Mu-4000 fuzzer shines with wizard-driven test configuration, intelligent workflow, excellent vulnerability profiling, and auto-generated zero-day exploitsFollow @rogeragrimes
Because the Mu-4000 is easily capable of sending millions of attack packets, testing projects can get complex in a hurry. To simplify the process, Mu Security has smartly configured all scanning activity around analysis templates. Creating and using a template is essentially a step-by-step process that the Mu-4000 leads you through while it defines attack types, monitors, and actions to take in response to events. You select protocols and a myriad of custom attack parameters in an attack template. Monitors allow you to capture more information on the target, including from its own management console and log files. For example, if your attack locks up the target, the Mu appliance can capture what the target device’s SSH-enabled management console looked like at the moment the device froze. Event triggers allow you to kick off external network monitors or initiate events such as file downloads on remote systems.
The resulting template is an XML file that can be sent to other Mu-4000 users so that they can duplicate your test. The management and configuration GUI is nearly flawless. It’s helpful and wizard-driven to a fault. If you don’t like GUIs, you can use XML files to drive the device instead.
When the Mu-4000 finds a vulnerability, it will duplicate the attack to confirm that it is re-creatable and, if so, will then step itself through the entire attack sequence to find out exactly which string of sent information caused the fault. Network packet captures are standard, and that information is included with the information gathered by other monitors to profile the problem. The Mu-4000 profiles security issues better than any other vulnerability assessment tool I’ve used. Reporting itself is good, but not excellent. Detailed and summary reports are included, but the Mu doesn't allow easy customization of reports, nor does it hook into Crystal Reports, for example.
My testing found two previously undocumented security vulnerabilities and more than a few performance issues. In one case, a single malformed packet locked up the target so badly the firmware had to be re-imaged to regain control. One of the Mu-4000’s best features is its capability to create a custom (Linux-based) binary that wraps any found vulnerability, essentially fingerprinting the security hole. You can download the self-documenting binary and send it to technicians so that they can re-create the problem without needing their own Mu-4000.
After running the Mu box, I asked myself why anyone should consider one of these pricey devices over the average free fuzzer off the Internet. First, the Mu-4000 has built-in fuzzing logic that you simply cannot find in free products. Mu's fuzzing is stateful, which allows the device to better mimic real-world conditions, and it is intelligent, methodically altering the state, structure, or semantics of a protocol in ways designed to expose weaknesses in the target. Mu’s development staff understands how a problem in one area translates into high problem likelihood in another, and they have designed the tests accordingly. Also, the Mu-4000 contains business logic and workflow that can turn untrained employees into a professional penetration team in a day.
The Mu-4000 Security Analyzer gets my strong buy recommendation for any company worried about unknown security vulnerabilities, and for security device vendors trying to make their products as secure as they can be.