Core Enables Organizations to Proactively Identify Real Security Risk; Adds New Attack Simulations and Vulnerability Scanner Integration
BOSTON - May 25, 2011 - Core Security Technologies, the market’s leading provider of IT security test and measurement software solutions, today announced the release of new enhancements to CORE INSIGHT Enterprise. This latest version of Core Security’s breakthrough automated security test and measurement solution features new attack simulation and information gathering capabilities, enhanced integration with popular vulnerability scanners, and automated, customized export of testing results. In combination, these new enhancements empower enterprises to more efficiently and effectively understand, validate, communicate and address real security risks to their organizations.
With CORE INSIGHT, customers can continuously identify and prove real-world exposures to critical assets across the entire organization through automated testing of network systems, web applications, and end users in one completely integrated solution. The solution employs groundbreaking technology that proactively replicates the steps attackers would take to breach valuable information assets. CORE INSIGHT Enterprise v1.3 provides IT security leaders with new simulation and discovery features that make it even easier for organizations to obtain a continuous view of IT security risk. New capabilities include:
- Attack path simulation - Using a patented algorithm, INSIGHT generates a simulation of an enterprise environment and displays all the potential paths that an attacker could take and the exploits that could be used. Armed with this knowledge, users can further refine their testing plans, prior to launching the live test.
- Information gathering - Customers can now leverage INSIGHT to independently perform discovery of systems, hosts, open ports and hardware on the network. This data can then be used and compared to subsequent tests to depict infrastructure changes over time.
“With the latest version of CORE INSIGHT we are delivering the real-world business intelligence enterprises need to identify their risks and make better, more informed decisions when it comes to defending their critical assets,” said Jay Schiavo, director, product management at Core Security. “Combined with new integration, flexible reporting and time-saving features, these enhancements further empower our customers to more efficiently and proactively identify and address data breach threats.”
In addition, CORE INSIGHT v1.3 provides new capabilities to enhance integration with popular vulnerability scanning tools, such as those from Qualys and Nessus, and simplifies and automates frequently performed tasks, including:
- Granular management of connectivity to popular vulnerability scanning products - New centralized management capabilities enable users to select and set their level of connectivity to their preferred vulnerability scanning products.
- Seamless, one-click import of vulnerability scanning results - Users can quickly upload vulnerability scanning results directly into INSIGHT to easily validate them using real-world attack techniques.
- Automated export of INSIGHT testing results - Flexible data export capabilities enable users to easily specify the most relevant testing details and the desired frequency for them to receive customized results.
- LDAP integration - Complementing CORE INSIGHT’s existing integration with Active Directory, this enhancement enables users to import email addresses directly from LDAP for more efficient client-side penetration testing to measure their susceptibility to targeted e-mail based attacks such as spear phishing.
- Campaign cloning - To make the campaign creation process even more efficient, INSIGHT now enables users to save and reuse existing test definitions and campaigns, so the information will be pre-populated in future tests and can be edited as needed.
About Core Security Technologies
Core Security helps organizations bridge the gap between processing volumes of data and gaining actionable intelligence about proven security exposures. Our security test and measurement solutions empower customers with real-world security intelligence, security controls validation and metrics that allow them to more effectively secure their organizations and manage IT risks.
Core Security’s software solutions are used by more than a thousand commercial and government organizations worldwide. Our products range from desktop software tools for security experts to enterprise-wide automated testing and measurement platforms. All of our products and services are backed by over 15 years of leading-edge research and expertise from the company’s Security Consulting Services, CoreLabs Research and Core Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or online at http://www.coresecurity.com.
Dave Bowker or Lesley Sullivan