Network Appliance-owned Decru has selected Mu Security to boost its security testing procedures, folding in automated tools with a particular focus on the early stages of new product development.
The storage security company provides encryption and data privacy products for enterprises and government organizations, and chose the Mu-4000 security analyzer to harden its entire portfolio of products.
Although Decru does a range of internal testing, lab reviews, and government certifications to try to bulletproof its products, the current growth of vulnerabilities has driven the company to become even more proactive in protecting against threats, according to Kevin Brown, vice president of marketing at Decru.
"With security products, people have closed and locked all the doors, and now the bad guys are finding the windows," he said. The focus for many enterprises has shifted from device-centric and network-centric security to a model that is focused more strongly on data as it flows through the infrastructure, he added.
Mu's security analyzer will help Decru create an automated test bed that the company will use to create different types of traffic, buffer overflows, and conditions that would be attractive to an attacker.
"Small mistakes can open large holes that might not be seen until after a product is released," said Brown. "It's hard to test all the different permutations to get an appropriate amount of security, which is why most IT vendors have performed security testing on a hit-and-miss fashion."
By utilizing Mu's automated analyzer in the initial stages of development, Decru believes that the entire test process can be improved, including documentation and auditing.
The deal is indicative of an industry trend toward building security into code earlier in development rather than later, noted Chris Christiansen, an analyst with Framingham, Mass.-based IDC.
"Companies like Decru are realizing that if they include security analysis in the early stages of product development, it will save them money and effort in the long run," he said.
IDC has noted that IP-accessible storage tends to lack native security. Although spending in the content and threat management market is growing, so are the vulnerabilities.
Another benefit to folding in automated security early is that it builds customer goodwill, Christiansen added. "Customers pay attention to moves like this," he said. "That's much better than having them find vulnerabilities in the product because it hasn't been tested properly."
Security product vendors have to be particularly diligent about testing and development, Brown added, since vulnerabilities with encryption and key management can have a far-reaching effect in an enterprise. "Encryption technology has a giant target painted on it," he said. "If you're a bad guy, this is where the keys to the kingdom are stored."