Startup Launches Breakout Testing Tool

Renowned researcher HD Moore and startup BreakingPoint Systems's "baby" has finally arrived -- the company is launching its new all-in-one network and security testing appliance that Moore helped build.

The BPS-1000, which has been under development and under wraps for more than a year, conducts performance, integrity, and security testing of the network and network devices. It's different from penetration testing tools in that it tests both sides of the connection, says Moore, director of security research at BreakingPoint, and developer of the popular open-source Metasploit tool.

"Since the system is designed to test a specific device, it doesn't really compete with Metasploit, Core Impact, or Immunity Canvas," Moore says. "It doesn't actually go out and exploit systems. It just runs attacks through the attached device."

Moore, who designed the appliance's security test architecture, says BreakingPoint is also developing a feature that will let the BPS-1000 target an endpoint system. "We are shooting for an all-in-one network device evaluation platform."

BreakingPoint is currently wrapping up final beta testing of the tool, but the product is actually available, says Dennis Cox, BreakingPoint's CTO -- although the general availability release won't come out until late April. The company is targeting mainly network equipment vendors (think router, switch, firewall, IPS, etc.), as well as security firms that want to detect or analyze the latest attacks, and enterprises that want to verify their network load capabilities before a deployment.

Cox, formerly the director of engineering at TippingPoint, says he designed the product after getting fed up with the archaic and piecemeal testing equipment out there. "The product is about twenty years late -- test gear has been bad for about twenty years," he says. "I'm just surprised no one else did it" before us, he says.

One of the appliance's unique features is that it takes a snapshot of the network so it can run realistic test simulations, Cox notes. "The product is easy to use, and it creates real-world traffic," he says. "It does all sorts of testing, from Layer 2 to 7."

An enterprise, for instance, could plug an intrusion prevention system (IPS) into the test ports and see how much traffic it can handle, including the number of concurrent connections, and which attacks it can block, BreakingPoint's Moore says.

Moore acknowledges that his work on Metasploit did shape the BPS-1000's exploit features, but the commercial tool is more powerful and expansive. There are even some zero-day exploits thrown in for good measure.

"The exploits are designed in a similar fashion to Metasploit, where the user can supply options that affect the attacks that are generated," he says. "[But] there are literally hundreds of evasion options, with common test configurations saved off as evasion profiles. So you just pick your exploit set, select the evasion profile you want to test, and see how great your coverage is."

BreakingPoint's appliance could replace Metasploit for Q/A testing of an IPS product, for instance, but it wouldn't replace it for pure pen-testing, Moore says.

The BPS-1000 appliance has a one-button control for a full test and doesn't require a target lab, for instance, like Metasploit does. "And it provides everything you need to prepare for a standard IPS certification."

Unlike most exploit tools, the BreakingPoint appliance generates exploit traffic from scratch for every attack, Moore says. "There is very little for an IPS or IDS product to create signatures for, outside of detecting the vulnerability itself."

Moore couldn't reveal pricing as yet but noted that it's definitely less than the cost of building a test lab with equivalent features, which would cost more than $250,000.

And look for application-protocol "fuzzing" support in the final release of the product, he says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading