Integrated solution of NTOSpider and CORE Insight™ Enterprise will automatically discover application vulnerabilities, and pinpoint enterprise-wide operational and business risks.
Boston, MA and Irvine, CA - April 18, 2012 - CORE Security®, a leading provider of predictive security intelligence solutions, and NT OBJECTives (NTO) a provider of automated, comprehensive and accurate web application security software and services today announced a first-of-its-kind technology partnership to create an integrated and automated solution to ensure enterprise security professionals quickly understand application vulnerabilities and the precise business and operational risks associated with each.
The integration of the CORE Insight™ predictive security intelligence solution and NTO's web application security scanner, NTOSpider, will provide the most comprehensive view of an organization's application security posture for enterprise customers. Through the automation of vulnerability identification, validation and risk prioritization, companies will now be able to efficiently monitor their application security posture, allowing security teams to spend their time on the material risks and threats that require more detailed analysis and subject matter expertise.
Application security is a massive, complex and escalating problem. Many organizations have hundreds or even thousands of web applications that access sensitive customer, financial and corporate information. Security teams use application security scanners such as NTOSpider to identify the application vulnerabilities and then use CORE's Insight threat simulation and real-world threat replication technology to do deeper testing on those vulnerabilities pivoting off each internal asset, such as databases and servers, to find which can actually be exploited. But, it takes time to feed the vulnerabilities to CORE Insight, until now.
"Real-world attacks have spanned multiple attack surfaces; attackers today will exploit a vulnerability in a web application, and then penetrate deeper into the network using a variety of network and service vulnerabilities. By combining some of the best web scanning and network vulnerability scanning technology with our attack planning and patented exploitation technology, we can simulate and test for exposure to complete real world attacks in a fully automated way, thus providing an unprecedented and unique intelligence around security exposures," said Milan Shah, senior vice president of engineering of CORE Security.
How the Combined Solution Works
CORE Insight validates and prioritizes application vulnerabilities discovered by NTOSpider in the following way:
- Vulnerability identification: NTOSpider discovers a comprehensive list of application security vulnerabilities.
- Vulnerability analysis: CORE Insight consumes that input to validate which critical assets can be breached by pivoting and traversing off of each asset to find the exploit. These multi-vector attacks are an increasingly popular technique used by attackers today.
- Business risk summary: The combined result articulates the specific potential impact of a breach from a discovered vulnerability.
"By combining CORE Insight's ability to articulate the business impact of a risk with NTOSpider's ability to identify web application vulnerabilities, we can give security teams a more efficient way to get a holistic view of their security posture by providing more automation so that security experts can apply their analysis to the areas that can't or haven't yet been automated." said Dan Kuykendall, co-CEO NTO.
About CORE Security
CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company's innovative security research center. For more information, visit www.coresecurity.com.
About NT Objectives
NT OBJECTives (NTO), Inc brings together an innovative collection of experts in information security to provide a comprehensive suite of technologies and services to solve today's toughest application security challenges. NTO solutions are well known as the most comprehensive and accurate Web Application security solutions available. NTO is privately held with headquarters in Irvine, CA.
Core Security Technologies, Core Security, and Core Insight are registered trademarks of CORE SDI, Inc. in the United States and/or other countries. All other organizations referenced within this document are trademarks and/or registered trademarks of their respective companies.