Application and Threat Intelligence: Network Testing with Current Applications and Attacks
by Steve McGregory
The application traffic and security threats traversing networks and data centers evolve all the time. Unfortunately, most testing products can’t evolve along with them. That leaves you trying to test your infrastructure using out-of-date traffic and attacks—or else trying to conduct your own research and maintenance on top of all your other work.
That’s not good enough, and that is why our Application and Threat Intelligence (ATI) research teams are consistently updating our products with the latest attacks and protocols. Every week or two, we push out an ATI update to all the customers who are on our ATI maintenance program. A typical update will include enhancements to existing application protocols, exploits, and malware, along with new pieces of functionality. We also use ATI updates to roll out entirely new features for our product, rather than waiting for a major new release of our firmware.
October ATI Updates: DDoS, Applications, Multi-Byte Markov Text Generation
During October, for example, we issued ATI releases that included three new application protocols, a new feature that allows for multi-byte Markov text generation, a dozen new exploits, and 16 preconfigured DDoS attacks. This is on top of several other new protocols, dozens of enhancements, and hundreds of new security attacks (both exploits and mobile malware) that we’ve issued in just the past few months.
All these changes are documented in developer notes that we distribute to our ATI customers. You can see a sample of the notes for UDP flood, VoIP flood, Smurf attack, and other DDoS attacks.
All enhancements are ready for immediate use. As soon as you load the ATI release, you can start running DDoS tests or using other new functionality right away.
These updates rely on two teams of researchers—one for applications, one for security—that work at our corporate headquarters here in Austin. These tight-knit teams are excellent at what they do, and they stay in contact with the general community of developers and researchers outside the company. The structure of our staff fits hand-in-glove with the architecture of our products.
Fast, Agile Development Cycles to Keep Your Tests Up to Date
We’re able to issue so many changes so quickly because of how we set priorities and how we’ve built our processes to address those priorities. The top priority is fixing any bugs that crop up. After that, our developers focus on the current security and application developments that are most relevant to our customer base. This includes the constant updates we make as part of our Evergreen Applications Program, but we also rely on the initiative of individual developers to cover the changes they realize will have the biggest impact for customers. We also leave plenty of time for product enhancement requests that come in from the field—which, by the way, was the impetus for the new preconfigured DDoS tests.
All this work is aided by agile development processes, which are similar to the processes I used running a Web properties development team in one of my previous jobs. While we use a variety of tools for planning, source control, regression testing, QA steps, and so on, the real magic doesn’t come from the tools, but from building one simple, powerful process that ensures quality, minimizes exceptions, and makes sure everyone stays on the same page.
Test Using the Most Current Network Conditions
By following an agile cycle, we’re always ready to release the next ATI update. It’s sort of like putting together a train at a railway station: each separate ATI enhancement is like an individual car being added to the train. Typically, we want to put about a dozen of these cars into one train, which means we send out ATI updates about every ten days on average. But if we get a high-priority update, we can add it to the end of a train that’s only half that long—and the train will leave the station that day. As soon as that happens, the next train starts forming.
This approach takes the burden of maintenance off our users, and it’s unique in the industry because only our patented architecture enables it. Additionally, because we do our own research, we are not dependent on third-party security research firms. While the work that goes into our updates is tough and often complex, the benefits are simple: our customers are always prepared to test their infrastructures using the most accurate, most current conditions available anywhere.

