Staff
Sept 11 -- This week the Storage Network Industry Association (SNIA) had a decent turnout for its Storage Developers Conference, which targets storage developers, architects, and engineers from the world’s leading storage vendors and service providers. The event, which drew over 300 participants, covered such topics as distributed and content-aware storage, data management and continuous data protection, and security. The technical program drew on end users and vendors such as EMC, HSD, SUN, Microsoft, HP, NetApp, and Cisco. Of particular interest was the CIFS and iSCSI 2007 Plugfest that took place during the event to enable companies to test, identify and fix compatibility flaws. What stood out at the Plugfest was a recent member of SNIA, a company called Codenomicon. The company introduced and demonstrated its new storage robustness and security test suite at the Plugfest, drawing the attention of recognizable vendors at the event.
Codenomicon markets preemptive security and robustness test software – Defensics – an extended File System and Storage Test suite. The test platform allows storage vendors to rapidly perform rigorous security and availability tests to identify and resolve file system and storage network protocol exposures – not only known flaws but unknown flaws that could spell serious issues for storage vendors and storage service providers. Hence the emphasis on “preemptive.”
Isaac Sundarajan, CEO of Codenomicon, explained that the dollar costs and reputation risks associated with system patching, product recall, service downtime and data corruption are serious issues when it comes to networked systems and storage, and that preemptive security and robustness testing can offset these risks.
Robustness describes the extent to which a system can continue to function despite flaws, even though performance or operation may be diminished or altered until the faults are corrected. Quality assurance or security test personnel use Defensics in a lab or pre-deployment staged environment. The product essentially sends random data and sequences of data in a systematic way against storage and network protocols to discover irregular responses, slower system response, or terminated function – all of which can pose operational and security threats for storage vendors and service providers.
The test suite offered by Codenomicon includes CIFS, HTTP, iSCSI, NFS, SNMPv3, SSH, and SSL implementations. The original package thus covers not only storage protocols but also secure file transport and file/storage management interfaces. The system finds issues beyond those found by conventional code test or vulnerability test products – and running Defensics does not require test target expertise (other than knowing which protocols are in use). Fixing flaws prior to release or deployment would seem more cost-effective – not to mention lowering potentially significant SLA and brand liability.
“In a nutshell, Codenomicon finds more bugs,” said Mikko Varpiola, founder and vice president, Tool Development. “Our team has extensive experience and a deep understanding of protocols. Because of this we are able to do more intelligent targeting from deep protocol models. Additionally, Codenomicon’s solutions are software only, therefore much easier to deploy, maintain, etc.”
"Enterprise use of both networked storage and public networks has increased rapidly," said Anne MacFarland of The Clipper Group. "Business processes are often a series of components not all of which are local. A yawning gap of opportunity for protocol subversion - or simple degradation - threatens the communications that are the lifeblood of most organizations. Testing of enterprise applications for vulnerability to protocol attacks is now more than merely prudent - it should be a key part of pre-deployment testing. Codenomicon offers a variety of protocol test bundles to mitigate the business risks incurred by pervasive networking."
The Defensics platform includes broad protocol coverage with thousands of predefined test cases and can also support custom storage tests and protocols. The vendor claims that the software can be quickly integrated into existing test environments with modest effort. The Defensics File System and Storage Test Suite starts at $50,000. The Finnish company also has offices in Silicon Valley and Asia.