Automated Penetration Testing Product CORE IMPACT Helps Security Testing Authority to Verify the Effectiveness of Network Intrusion Prevention Systems

Automated Penetration Testing Product CORE IMPACT Helps Security Testing Authority to Verify the Effectiveness of Network Intrusion Prevention Systems

Icsa Labs Advances Network Ips Testing Using Core Impact

BOSTON - October 10, 2006 - Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced that CORE IMPACT was one of the testing tools used by ICSA Labs, an independent division of Cybertrust, in its network intrusion prevention system (IPS) certification testing. ICSA Labs used and continues to use CORE IMPACT and its cutting-edge Traffic Masking techniques to safely evaluate network IPS detection and prevention capabilities.

“When selecting and maintaining a network IPS, organizations need to know that the products they purchase are providing the necessary level of protection against disruptive and costly intrusions,” said Jack Walsh, intrusion detection and prevention program manager at ICSA Labs. “We used CORE IMPACT as one of our testing tools because it allows us to quickly and easily replicate the types of attacks that network IPS products face in real environments every day.”

The testing methodology employed by ICSA Labs is the result of more than a year of research, industry cooperation and end-user feedback. Following the completion of an initial round of network IPS testing, ICSA Labs continues to use CORE IMPACT to perform independent, third-party certification testing of network IPS devices on behalf of corporate end users. To view the matrix of ICSA Labs certified network IPS products please go to:$36ebf2b4-fe67b635$6cb5-d675a991

"CORE IMPACT not only provides global certification testing leader ICSA Labs with the tools it needs to test the effectiveness of network security products, but also gives all organizations a tool for ongoing evaluation of their security investments, ensuring they perform as expected," said Paul Paget, CEO of Core Security Technologies.

In addition to performing traditional penetration tests and prioritizing vulnerability remediation efforts, IMPACT customers are also increasingly using the product to help them assess the effectiveness of their deployed security technologies. Further, as the adoption of network detection technologies has become more widespread, attackers have developed increasingly sophisticated methods for circumventing them, including the modification of network traffic to mask exploits and evade detection. As part of its ongoing efforts to arm companies with the latest methods attackers could use to compromise these systems, Core Security announced earlier this year a new Traffic Masking capability, initially covering two techniques: robust MSRPC fragmentation and the industry's first MSRPC traffic encryption.

More information about these techniques is available at:


CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely, efficiently and quickly identifying how vulnerable assets can be breached, CORE IMPACT gives security professionals the information they need to help them better secure their network. CORE IMPACT, which is now used by more than 375 organizations worldwide, enables network administrators to identify what resources are exposed and determine if their current security investments are successfully detecting and preventing attacks. With its flexible reporting tools, CORE IMPACT makes it easy to share penetration testing results with auditors to help satisfy compliance requirements.

About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at .

About ICSA Labs

ICSA Labs, an independent division of Cybertrust, Inc., offers vendor-agnostic testing and certification of security products. Hundreds of the world's top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests products in key technology categories such as anti-virus, anti-spyware, firewall, IPSec VPN, cryptography, intrusion prevention, PC firewall, SSL-VPN, application firewall, anti-SPAM and Wireless LAN. For more information about ICSA Labs, please visit:


Dave Bowker or Tim Whitman

Schwartz Communications

781 684-0770


Tue, October 10