Industry’s First Server-Response Fuzzing Raises Security Standards for Testing Against Malicious Attack Vectors
RSA 2017, SAN FRANCISCO, Calif., February 13, 2017 – Spirent Communications plc (LSE:SPT) today extended its lead in security and performance testing by introducing the industry’s first server-response fuzzing capability within CyberFlood™, its premier security test solution. A breakthrough in security and performance testing, CyberFlood’s server-response fuzzing functionality tests the ability of security devices—firewalls, intrusion prevention systems (IPS), secure web gateways and others—to handle malformed traffic sent from a server on the Internet to a client device using a single test solution. This is achieved without the time, effort and cost of building a complex test environment, allowing the user to get up and running more quickly with better results than ever before.
“We launched CyberFlood last year with SmartMutation™, the first-of-its-kind, true intelligence-driven fuzzing strategy. This set a new benchmark for security testing, allowing testing to go deeper, wider and across more code paths than any other solution in the industry,” said David DeSanto, director, products and threat research at Spirent Communications. “Other fuzzing solutions today only offer users the ability to fuzz the client definition of the network protocol when testing a device.
“Leveraging CyberFlood’s unique technology, users can now fuzz the server definition of the network protocol, confirming that a device can handle malformed responses from a server on the Internet targeting a client device, one of the most common and malicious attack vectors leveraged by hackers today. This gives enterprises, service providers and equipment manufacturers a fast and easy way to test security devices with no test environment to set up, and with no false positives during testing”.
The latest CyberFlood update includes several new features while enhancing CyberFlood’s ease of use:
- New Attacks-Only and Client-Only DDoS attack modes add greater flexibility to DDoS attack emulation and enable customers to quickly go from the login screen of CyberFlood to a large-scale DDoS attack emulation in a few clicks.
- New Network Resiliency tests cover the full range of RFC 2544 verification, including measuring maximum throughput, latency, jitter and burstability.
- Tests can be organized in groups focused around a specific goal, such as an upcoming software release or enterprise product evaluation, enhancing collaboration within teams.
- Additional fuzzing protocols allow CyberFlood to test devices across the entire Layers 2 through 7 stack and across multiple industry verticals, including industrial control, healthcare, finance, IoT and automotive.
CyberFlood continues to set the industry standard for malware testing with the only near-zero-day malware offering available in the industry, allowing enterprises to find the holes in their threat landscape, service providers to validate their SLAs and equipment manufacturers to confirm and extend their signature as well as heuristic detection functionality.
“WedgeAMB provides our customers with uncompromising malware prevention by delivering the threat detection accuracy of a sandbox, with the inline, real-time blocking speed of an IPS,” said James Hamilton, CEO at Wedge Networks, Inc., the leader in Orchestrated Threat Management. “CyberFlood’s ability to provide performance and accuracy testing with the freshest, most unique malware testing available in a single solution enables us to continuously evaluate, demonstrate and improve our solutions.”
Spirent at RSA 2017
CyberFlood v17.1.0 will be on display in the Spirent Communications booth S2015 in the South Hall during the upcoming RSA Conference 2017, being held February 13–17 at the Moscone Center in San Francisco. Spirent will also demonstrate CyberFlood’s server-response fuzzing and advanced malware testing capabilities in the booth.
Also at the show, Spirent Positioning Security Technologist Guy Buesnel will present a classroom session on the evolution of deliberate threats to global navigation satellite systems (GNSS). The session, which will be held at 9:00 a.m. on February 17 in Moscone West, will address the evolution of deliberate GNSS threats and present the latest evidence of deliberate jammer use from a network of detector devices.