New Services Empower Organizations to Perform Targeted Penetration Testing
BOSTON – Jan. 19, 2010 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that it has launched an array of new professional services aimed at helping customers identify and prioritize their most critical IT exposures across a range of highly strategic assets.
Driven by the continued proliferation of IT threats and data security compliance regulations, organizations are performing more frequent penetration tests to embrace proactive security and meet both internal and external audit demands. CORE IMPACT Professional Services enable customers to validate and filter vulnerability scanner results and other security systems and event data to eliminate false positives and isolate their most significant points by leveraging the power of our software solutions.
Core’s new professional services offerings are based on a triad of demonstrated assets: Core’s automated penetration testing software, CORE IMPACT Pro, the R&D efforts of our CoreLabs’ vulnerability researchers, and the decade-plus of experience in carrying out custom engagements for Fortune 25 companies provided by our Core Security Consulting Services business unit.
This new set of targeted penetration testing services allows companies with limited internal expertise to reap the benefits of security testing using CORE IMPACT Pro software. Conducted for customers on-site or remotely, CORE IMPACT Professional Services include:
- CORE IMPACT Pro Web Application Penetration Testing – Assess web applications for flaws including those identified as most critical by the Open Web Application Security Project (OWASP).
- CORE IMPACT Pro Client-Side Penetration Testing – Replicate phishing attacks to measure end-user awareness of email threats and reveal vulnerabilities that put their systems at risk.
- CORE IMPACT Pro Network Penetration Testing – Evaluate resiliency against network threats using a wide array of commercial-grade exploits and cutting-edge attack techniques.
- CORE IMPACT Pro Wireless Penetration Testing – Identify weak wireless encryption in WEP, WPA-PSK and WPA2-PSK Wi-Fi networks and sniff traffic for sensitive data.
- CORE IMPACT Pro Multistaged Penetration Testing – Reveal chains of vulnerabilities that comprise paths of exposure across multiple vectors throughout an IT environment.
CORE IMPACT Professional Services clients will be presented with reports of all testing results, lending them immediate insight into their unique security challenges, and the packaged offerings can also be used as a launching point for additional in-depth assessments.
Engagements are conducted by highly experienced, CISSP- and/or CEH-certified professionals employed by Core Security Technologies, and these experts are focused on providing knowledge transfer to help organizations build and mature their own internal assessment programs.
“Some organizations lack the resources to perform their own penetration testing, but they recognize the limitations that vulnerability scanning services provide and see value in having an automated penetration test performed by Core, based on our in-depth testing solutions and services expertise,” said Kip West, Director of CORE IMPACT Professional Services. “With these offerings we can help organizations assess their exposure to today’s most pressing security risks, establish regular penetration testing practices, and create security benchmarking metrics.”
CORE IMPACT Pro Web Application Penetration Testing Service
Mitigation of web application vulnerabilities is a costly process since they typically require custom re-coding to be fixed. CORE IMPACT Pro Web Application Penetration Testing services pinpoint exploitable application weaknesses without generating false positives, allowing development resources to be focused on addressing the most critical exposures and leaving security teams to monitor application defenses.
This service also assesses web applications for many leading classes of vulnerabilities as identified by the Open Web Application Security Project (OWASP), including:
- Injection Flaws – Assess applications against SQL injection and blind SQL injection attacks.
- Cross-Site Scripting (XSS) – Test applications against URL-based XSS attacks.
- Insecure Direct Object References + Failure to Restrict URL Access – Uncover hidden, backup and old pages in applications; discover and analyze robots.txt files to reveal admin pages.
- Security Misconfiguration – Assess server and network infrastructure to identify other security issues that undermine web application integrity (requires Network Pen Testing service).
- Insufficient Transport Layer Protection – ID encryption exposures in HTTPS-secured sites.
CORE IMPACT Pro Client-Side Penetration Testing Service
Email-based attacks on employees and contractors pose one of the greatest threats to information security today. The CORE IMPACT Pro Client-Side Penetration Testing service gauges end-user awareness of email-borne threats and reveals vulnerabilities that put their systems at risk. This service uses email-based phishing and spear phishing techniques to:
- Identify end users who click on links in malicious emails.
- Test their systems for exploitable OS, service and application vulnerabilities.
- Demonstrate how compromised endpoints expose other sensitive systems.
CORE IMPACT Pro Network Penetration Testing Service
Organizations’ servers and workstations make up the backbone of their IT infrastructure and house much of their important data. CORE IMPACT Pro Network Penetration Testing services proactively assess an organization’s resiliency against network threats using a wide array of commercial-grade exploits and attack techniques. This service replicates real-world attempts to exploit and traverse network environments, providing visibility into:
- Which systems are exposed if perimeter defenses are compromised.
- What OS, service and application vulnerabilities pose real threats.
- How privileges can be escalated on compromised systems.
- What information could be accessed, altered or stolen.
- How low-level network compromises can open paths to critical backend data.
CORE IMPACT Pro Wireless Penetration Testing Service
As evidenced in recent high-profile data breaches, organizations’ Wi-Fi networks often provide a point of entry for criminals seeking access to protected databases and other resources. CORE IMPACT Wireless Network Penetration Testing services use the same techniques employed by cybercriminals to:
- Gather information on network strength, security protocols and connected devices.
- Replicate attempts to crack networks encrypted with WEP, WPA-PSK and WPA2-PSK.
- Join cracked networks and compromise backend systems.
- Sniff traffic to find streams of sensitive data.
- Pivot from wireless to network testing in an attempt to access data on backend systems.
“Core is launching these new professional services in direct response to market demand. As automated penetration testing has become a security best practice, many organizations that lack the internal resources to operate our software still want a CORE IMPACT Pro penetration test conducted within their organization. These new Professional Services offer a range of choices for organizations to have experts at Core Security use CORE IMPACT to test their IT systems,” said Mark Hatton, CEO of Core Security. “While Core Security will always be a product company at heart, CORE IMPACT Professional Services builds on our products, the experience of our long-standing consulting business, and our CoreLabs expertise, enabling organizations to advance their assessment capabilities and better manage IT risks.”
About Core Security Technologies
Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, wireless networks, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
Tim Whitman or Lauren O’Leary