Network Computing is part of the Informa Tech Division of Informa PLC

Mu-4000 Security Analyzer: Security Gets Warm And Fuzzy: Page 3 of 4

There are open-source choices as well, including Sulley (www.fuzzing.org/fuzzing-software), GPF (www.vdalabs.com/tools/efs_gpf.html), and SPIKE (www.immunitysec.com/resources-freesoftware.shtml), though these frameworks aren't nearly as easy to use, nor do they include some of the Mu-4000's advanced features, such as automatic response time monitoring. On the commercial side, Beyond Security's beStorm and Codenomicon's Defensics compete.

The other advantage of an appliance in the fuzzing world is speed. Fuzzing is not a quick process by nature: the goal is to iterate through as many protocol variants as possible, and each case has to be delivered and its effect on the target observed. An appliance, however, can be tuned and tweaked for throughput, or, in the case of BreakingPoint Systems' appliances, include custom hardware to speed up the process.

Of course, each product takes a slightly different approach to security analysis. Most include a database of static checks for known vulnerabilities in addition to fuzzing, which is what finds new ones, but they place different emphasis on each stage. The Mu-4000 is clearly more focused on intelligent fuzzing than on static checks. In fact, the base model doesn't include the static vulnerability checks at all; they are available as a $15,000-per-year add-on. The database (nearly 1,000 checks) is updated about every two weeks.

A new feature in Mu's latest release is an attack time chart. Attacks that don't crash or hang a system but still measurably degrade its performance may be worth investigating more closely. Graphing response times across the whole run may also help detect memory leaks, which tend to show up not as one slow case but as response times that creep upward as the test proceeds.
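The two signals the attack time chart is meant to surface, a single case that is much slower than the rest and a slow upward drift across the run, can be reproduced in a plain fuzzing loop. The following is an added example written for this page; it is not Mu's code and does not talk to an appliance. The target is a constructed stand-in for a device under test (a two-byte length field followed by a body), the mutator is a minimal byte-level one, and the threshold and slope choices are the author's assumptions, not anything Mu documents.

```python
"""Response-time monitoring for a fuzzing loop (added example, not Mu's code)."""
import random
import statistics
import time
from typing import Callable, List, Tuple

Target = Callable[[bytes], None]


def stand_in_target(request: bytes) -> None:
    """Constructed stand-in for a device under test. Requests carry a big-endian
    16-bit length field; a zero length stands in for a crash and a very large
    length stands in for a slow code path. This is not any real product."""
    if len(request) < 2:
        raise ValueError("short request")
    length = int.from_bytes(request[:2], "big")
    if length == 0:
        raise ZeroDivisionError("length 0")  # stands in for a crash
    if length > 0x7FFF:
        time.sleep(0.05)                     # stands in for a slow path


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Byte-level mutation: flip one bit, or overwrite one byte with a
    boundary value (0x00, 0x7F, 0x80, 0xFF) of the kind that trips length logic."""
    data = bytearray(seed)
    i = rng.randrange(len(data))
    if rng.random() < 0.5:
        data[i] ^= 1 << rng.randrange(8)
    else:
        data[i] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    return bytes(data)


def run_case(target: Target, case: bytes,
             clock: Callable[[], float] = time.perf_counter) -> Tuple[str, float]:
    """Deliver one case and return (outcome, elapsed seconds). An exception is
    recorded as a crash rather than stopping the run; the clock is injectable
    so the timing logic can be exercised deterministically."""
    start = clock()
    try:
        target(case)
        outcome = "ok"
    except Exception as exc:
        outcome = "crash:" + type(exc).__name__
    return outcome, clock() - start


def fuzz(target: Target, seed: bytes, n: int,
         rng_seed: int = 1) -> List[Tuple[bytes, str, float]]:
    """Run n mutated cases against target, keeping every case's timing."""
    rng = random.Random(rng_seed)
    return [(case, *run_case(target, case))
            for case in (mutate(seed, rng) for _ in range(n))]


def flag_slow(timings: List[float], baseline_n: int = 20, k: float = 5.0) -> List[int]:
    """Indices of cases slower than median + k * MAD of the first baseline_n cases.
    Median and MAD are used instead of mean and standard deviation so that a
    few pathological cases cannot inflate the threshold and hide each other."""
    if not timings:
        return []
    base = timings[:baseline_n]
    med = statistics.median(base)
    mad = statistics.median(abs(t - med) for t in base) or 1e-9
    threshold = med + k * mad
    return [i for i, t in enumerate(timings) if t > threshold]


def leak_trend(timings: List[float]) -> float:
    """Least-squares slope of elapsed time against case index (seconds per case).
    A steadily positive slope over similar cases is the leak/resource-exhaustion
    signature, as opposed to one slow input, which flag_slow catches."""
    n = len(timings)
    if n < 2:
        return 0.0
    xbar = (n - 1) / 2
    ybar = sum(timings) / n
    sxy = sum((x - xbar) * (y - ybar) for x, y in enumerate(timings))
    sxx = sum((x - xbar) ** 2 for x in range(n))
    return sxy / sxx


if __name__ == "__main__":
    results = fuzz(stand_in_target, b"\x00\x10hello", 200)
    times = [t for _, _, t in results]
    for i in flag_slow(times):
        print(f"case {i}: {results[i][1]}, {times[i]*1000:.1f} ms, input {results[i][0]!r}")
    for i, (case, outcome, _) in enumerate(results):
        if outcome != "ok":
            print(f"case {i}: {outcome}, input {case!r}")
    print(f"trend: {leak_trend(times)*1e6:.3f} us per case")
```

The baseline window should be long enough to capture normal jitter on the real device, and on a network target the elapsed time includes round-trip latency, so a slope check is only meaningful when the network path is stable for the whole run.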

While the Mu didn't uncover any immediate problems in the NAS we tested in our lab, that may be because the storage vendor had done some fuzzing of its own before shipping the product. It's hard to fault a fuzzer for not finding problems where there may not be any, so we'll keep the Mu around for a while to test future products that come through the lab. Watch for updates.