info@coresecurity.com | +1.617.399.6980   Core Blog Core Blog Twitter LinkedIn
Products
SHARE

Comparing CORE INSIGHT Enterprise to CORE IMPACT Pro

The table below contains a high-level comparison between CORE INSIGHT Enterprise security testing and measurement software and CORE IMPACT Pro automated penetration testing software.

Need help deciding which solution is right for your organization?  Contact us at info@coresecurity.com or +1 (617) 399-6980.


  CORE INSIGHT Enterprise CORE IMPACT Pro

Overview

CORE INSIGHT Enterprise helps security executives to benchmark and measure enterprise-wide security posture, verify actual business risks, and validate mandated security controls. CORE INSIGHT continuously replicates threats seeking to compromise defined business assets through web, network and client-side channels. The product’s centralized dashboards and reports track the efficacy of security controls in terms of relevant operational areas, such as specific business units or compliance mandates.

CORE IMPACT Pro enables penetration testers to proactively assess IT systems against real-world threats. The software replicates attacks that pivot across web applications, network systems, endpoints, email users, mobile devices and Wifi networks. Users have granular control over the largest library of commercial-grade exploits available, plus a full complement of pre- and post-exploitation capabilities. A wide range of reports provide actionable data for pinpointing exploitable threats and prioritizing remediation.

Users
  • CISOs / IT management
  • Risk management
  • IT development
  • IT audit
  • Professional penetration testers
  • Red and blue teams
  • IT with security responsibilities

Consumer of Output
  • Executive leadership
  • Business and IT management
  • Risk management
  • Internal departments
  • Operational security
  • Administrative & compliance management

Test Vectors
  • Web applications
  • Network systems
  • Endpoint systems
  • End users
  • Web applications
  • Network systems
  • Endpoint systems
  • End users
  • WiFi networks
  • Mobile

Assessment Target

User-defined business assets, such as:

  • Systems for financial transactions, operations controls, and other mission-critical functions
  • Databases housing sensitive information such as customer records, financial data, or patient histories
  • Data types such as credit card numbers, social security numbers, or employee ID numbers
  • Specific ranges of:
    • Web pages
    • Network systems
    • Endpoint systems
  • Groups of end users (phishing assessments)
  • Specific wireless networks
  • Mobile Devices

Testing Scope

Able to perform assessments within networks containing thousands of systems, applications and end users. Uses automated attack planning algorithm to identify and validate most likely paths of attack to user-defined business assets.

Offers security professionals granular control of assessments in small to large environments.

Level of Automation

Fully automated

  • User defines assessment campaign and target assets
  • Campaigns can be set to run on a continuous basis
  • Solution uses attack algorithm to learn and adapt to changing IT environments, seeking new exploitable path to pre-defined business assets

Security tester-controlled

  • Wizard-driven Rapid Penetration Tests (RPT) automate many testing tasks across web, network, client-side and wireless vectors
  • One-step network and endpoint tests
  • Can be run manually (e.g., target individual systems with individual exploits + granular control over pre- and post-exploit capabilities)
  • Exploit code can be customized
  • Can run user-contributed exploits (Python)

Multistaged Testing Capabilities

Delineates exposed routes to pre-defined business assets with fully automated tests that employ GPS-like adaptive intelligence to dynamically identify new attack paths as infrastructure changes. Can automatically trace vulnerable paths from system to system within a specific IT layer.

Enables security testers to pivot across different IT layers (web, network, client-side, WiFi) to trace complex paths of exploitable vulnerabilities that reveal sensitive backend resources.

Delegation

Campaigns can be delegated to IT groups, developers and other departmental staff, enabling them to     test pre-defined areas and assets without violating access controls.

 N/A

Reporting

CSO dashboard with drill-down capabilities

  • Heat maps
  • Assessment and risk trends
  • Active campaigns
  • INSIGHT updates
  • Security data levels

Reports

  • Technical campaign reports
  • Trend reports – campaigns over time, campaign comparisons
  • Executive summaries

14+ reports

  • Reports on test activities, vulnerable systems, exposed data, and remediation recommendations
  • Visual reports depict chains of weaknesses
  • Trend and delta reports benchmark and  measure progress
Compliance-specific PCI and FISMA reports

Product Format

Linux-based appliance or software

Microsoft Windows-based software

Update Frequency

Both INSIGHT Enterprise and IMPACT Pro receive 20-30 new and updated Commercial-Grade Exploits + testing modules per month

Back to top