Spirent 推出新一代的安全和性能測試方案   CyberFlood   Spirent introduces the new Security and Performance testing solution

廣聯科技(Paralink)所代理的Spirent 思博倫通信公司，正推出一個全新的安全和應用性能測試的產品。其Cyber​​Flood™是下一代安全和性能測試的解決方案，這種易於使用的全面測試平台適用於各類複雜的測試場景。通過仿真模糊技術、惡意軟件和DDoS攻擊等真實的流量、威脅和攻擊場景，用戶可以確保其安全和性能測試能夠滿足其特定環境的各項要求。   Cyber​​Flood 的設計考慮到了團隊測試的需求，其直觀的Web用戶界面對簡便易用的最佳慣例(best practice)進行了擴展，目的就是實現更快更精確的可重複測試。用戶可以通過儀表板查看所有測試活動，包括正在運行和最近完成的測試。無論是本地的，或分佈全球的測試團隊，包括IT、質量保障和工程團隊在內，都可以快速地測試、驗證和推出其應用層的設備和基礎設施。其中還涉及測試配置、測試結果和測試設備的共享，包括物理設備、模塊和虛擬端點。 Cyber​​Flood具備擴充能力，使各團隊能夠調整各項測試參數，創建出獨特的攻擊模式，並對應用的結合加以微調，實現安全設備的測試和壓力測試。   思博倫通信網絡威脅研究總監指出：“Cyber​​Flood在安全性測試方面獨樹一幟。典型例子就是其先進的惡意軟件產品，每月可提供數以千計的全新惡意軟件樣本，包括當日（zero-day）惡意軟件，能夠找出自己在威脅防禦中存在的漏洞。Cyber​​Flood的先進模糊技術將兩種主要的模糊策略: 基於生成和基於變異的模糊技術, 結合在一起，形成了全新的智能驅動戰略，為測試提供更大深度和廣度，能夠找到更多的問題。”   Cyber​​Flood可幫助企業、服務商和網絡設備製造商驗證當前的服務、設備和基礎設施，並為未來做好準備。 Cyber​​Flood的部分關鍵亮點包括： • 模糊技術(fuzzing):要應付網絡威脅，要像黑客一樣思考，使用更好的工具，才能在黑客之前找出解決方案和服務中的問題。 Cyber​​Flood的SmartMutation™技術將兩種模糊技術結合在了一起，即基於生成和變異的兩種技術，並形成了一種智能模糊戰略。這種解決方案將為模糊技術提供最大的深度和廣度。 •DDoS攻擊: Cyber​​Flood將合法或正常流量與DDoS攻擊流量結合在一起，確保DDoS解決方案能夠執行適當的消減措施，同時也不會對合法用戶造成不良影響。這些統計數據會以實時方式提供，以交互方式測量用戶的體驗和安全能力。 •惡意軟件（Malware）: Cyber​​Flood平台中的Advanced Malware在質量和數量方面均獨樹一幟，其中每月添加數以千計的全新惡意軟件，包括當日（zero-day）惡意軟件在內，為客戶提供驗證其安全的強大優勢。   •Spirent TestCloud: 這是一種持續更新的數據庫，包含數以千計的最新應用和攻擊，以及其它訂用內容，能確保測試庫永遠處於最新狀態，並且包含真正有意義的最新內容。 Cyber​​Flood能夠利用TestCloud來生成真實的應用流量，其中還包含真正的狀態和基於實際使用情況的真實負載，實現真實的安全、負載和功能測試。   思博倫通信負責企業和應用安全業務的總經理John Weinschenk表示：“根據當前網絡威脅局面執行的連續測試，在防範新型惡意軟件、複雜的新型網絡威脅和應對日益嚴重的全球網絡安全擔憂方面發揮著關鍵的作用。前瞻性和充分的測試方法應考慮到將性能、可用​​性、安全性和規模相結合，才能產生可靠的測試結果。我們開發Cyber​​Flood的目的正是滿足所有這四個關鍵的領域。 ”

San Jose, Calif. – August 2, 2016 – Spirent Communications Plc (LSE:SPT), a leader in security and performance testing solutions, ushers in the next era of security and application performance testing. CyberFlood™, a next-generation security and performance testing solution, is an easy-to-use, comprehensive testing platform suitable for complex testing scenarios. Users can ensure that their security and performance testing addresses their unique environments by emulating realistic traffic volume, threats, and attack scenarios including fuzzing, malware, and DDoS attacks.

 

Designed with team testing in mind, CyberFlood’s intuitive web UI extends easy-to-use best practices for faster, repeatable, and more accurate testing. Users can easily view all testing activities at-a-glance on the dashboard, including running and recently completed tests. Whether local or globally-dispersed, teams including IT, QA and engineering can now quickly and effectively test, validate and roll out their app-aware devices and infrastructures. This includes sharing of test configurations, test results and test devices including physical appliances, modules and virtual endpoints. Fully extensible, CyberFlood allows teams to easily adjust test parameters to create unique attack patterns and finely tuned application mixes to test and stress security devices.

 

“CyberFlood differentiates itself on security. An example would be its Advanced Malware offering. This new offering provides thousands of new malware samples per month including zero-day malware allowing you to find the holes in your threat landscape”, said David DeSanto, Director, Products and Threat Research of Spirent Communications. “CyberFlood Advanced Fuzzing combines the two main fuzzing strategies, generation-based and mutation-based, into one new intelligence driven strategy to provide you greater depth and breadth in your testing to find more issues than previously possible.”

 

CyberFlood helps enterprises, services providers and network equipment manufacturers validate their services, devices and infrastructures today as well as prepare for the future. Some of the CyberFlood’s key highlights are:

• Fuzzing: To stay ahead of the evolving threat landscape, you need to think like a hacker and use tools superior to what they use to find issues within your solutions and services before they do. CyberFlood’s SmartMutation™ technology combines the two most common fuzzing techniques, generation-based and mutation-based, into an intelligent fuzzing strategy. This scalable solution gives you the greatest depth and breadth in your fuzzing.
• DDoS Attacks: Validating your DDoS mitigation strategy is more than just sending a bunch of traffic at your security infrastructure. CyberFlood combines both legitimate or normal traffic with DDoS attack traffic to confirm that your DDoS solution mitigates appropriately without inadvertently impacting legitimate users. Statistics are provided real-time to interactively measure both user experience and security mitigation.
• Malware: Today, malware is extremely nefarious and problematic. Between 2010 and 2015, there has been a 700% increase in the number of malware programs in the wild. CyberFlood’s Advanced Malware offering is unique in quality and quantity. Thousands of new malware are added each month including zero-day malware providing customers a cutting-edge advantage in validating their security stance.
• Spirent TestCloud: Continually updated, Spirent TestCloud contains thousands of current applications and attacks as well as other subscribed content to ensure your testing library is up-to-date with the latest and most relevant content. CyberFlood leverages TestCloud to generate real application traffic with true state and authentic payloads based on actual usage for realistic security, load, and functional testing.

 

“Continual testing based on the current threat landscape is key to protect against new malware, the complexity of new threats and increased global security concerns,” said John Weinschenk, General Manager, Spirent Enterprise and Application Security. “Proactive and solid testing methodologies should take into consideration the four variables that cohesively function together to produce reliable test results. These are performance, availability, security and scale. CyberFlood was developed specifically to address all four of these critical areas.”