With the help of one of the world's best-known hackers, a little-known Texan startup hopes to give Internet service providers and enterprises a way to tell if their networking hardware is living up to its promises.
Late next month, BreakingPoint Systems plans to launch a new network test appliance that sniffs out security holes in devices like load balancers, intrusion prevention systems and routers. Called the BPS-1000, the device also gives users a way to see how their networking equipment performs under a high volume of networking traffic, said Dennis Cox, BreakingPoint's chief technology officer.
Cox and cofounder Craig Cantrell came up with the idea for BreakingPoint two years ago while working at 3Com's TippingPoint division, where they realized that they were spending more money on testing equipment than they were on building products. What began as a running joke "every time we had to sign a purchase order for a half-million dollars worth of test equipment," eventually became a business plan, Cox said.
That vision is to build a product that gives customers an accurate picture of how their networking gear will behave in the real world -- before the bad guys have a chance to attack.
Shortly after the company was founded in September 2005, Cox hired HD Moore, maintainer of the popular Metasploit security testing tool. "He was one of the first guys I called up," said Cox. "There is no better person in the U.S. to break things than HD."
Today BreakingPoint has over 30 employees, including three security researchers who work with Moore to help develop BreakingPoint's security testing capabilities. Their job is to "do only evil," Cox joked, a play on Google's "Don't be evil" corporate motto.
While BreakingPoint's appliance does not use any of the Metasploit code, the company is leveraging Moore's expertise as a bug finder to offer customers a service called Strike Pack, which tests to see if about 2,500 attacks -- some of which have not yet been publicly reported -- are blocked on the network.
Over the past two weeks, BreakingPoint has already begun shipping its first few systems to network equipment makers, who are using it to test their own products, but Cox says that his company is also talking to enterprise customers -- particularly in the Internet and financial services markets.
Networking administrators can use the BPS-1000 to get a fix on how well their gear is really performing, something that some networking vendors try to hide with puffed up marketing materials, he said. "We believe that the network equipment manufacturers are selling equipment that isn't meeting its specifications," he said.
Enterprises "have service level agreements with a lot of these companies and they would like to prove that their SLAs are not being met," Cox said. "That would save them money."
BreakingPoint's appliance could be used to evaluate new network applications like VOIP (Voice Over Internet Protocol) systems before they are rolled out, he said.
Pricing for the BPS-1000 has not yet been determined, but it will sell in the US$100,000 to US$200,000 range. One-year subscriptions to Strike Pack will cost between US$20,000 and US$40,000 per year Cox said.