A Sunnyvale, California, startup, backed by US$4 million (NZ$5.88 million) in venture funding and a team of former Juniper Networks’ executives, says it has developed a way to make networking products and applications more secure.
Mu Security says it will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use.
Mu Security’s management team includes a number of the executives behind the OneSecure intrusion detection appliance, which in 2002 was purchased by NetScreen Technologies, before NetScreen was itself acquired by Juniper Networks. CEO Ajit Sancheti and chief technical officer Kowsik Guruswamy both worked on OneSecure, and Joe Ferguson is a former Juniper executive.
The unnamed product, which is expected to ship by year’s end, emulates millions of known hacker attacks and integrates this ability into the quality-assurance processes, according to Mu Security co-founder and chief executive officer, Ajit Sancheti.
“We are bringing formal scientific methods to security analysis, so it’s no longer something that’s considered a black art,” he says.
The product could be used by enterprises to test third-party software before purchase or to certify configuration changes and software patches, says Joe Ferguson, the company’s vice president of marketing. “What we’re doing is providing the means by which people buying a product can evaluate it for security readiness,” he says.
Mu Security would not say whether the product will be hardware- or software-based, but more details will be revealed in March, Ferguson says.
Software vendors like Microsoft have spent a great deal of time and money over the past few years building security into their product development process, and the benefits of secure software development are now starting to be better understood in the enterprise, says Melinda-Carol Ballou, programme director for application-life cycle management software with research firm IDC.
“Mainstream organisations are beginning to wake up to the fact that, ‘Yes, if I coordinated this as part of a best-practice approach from the beginning, it’s going to save me money in the long run,’” she says.