CORE IMPACT Product Family Enables Organizations to Prioritize Security Risks and Maintain PCI Compliance


Comprehensive security testing helps customers identify critical vulnerabilities and reduce the cost and complexity of maintaining PCI certification

BOSTON, MA - November 24, 2008 -
Core Security Technologies today announced a significant milestone, delivering version 7.6 of its flagship product,
CORE IMPACT Pro, as well as its newest offering, CORE IMPACT Essential, to the EU market.
Both solutions enable enterprises to rapidly assess their information security posture and ensure that they maintain compliance with the
Payment Card Industry (PCI) Data Security Standard (DSS).

In addition to providing customers with the most effective manner of identifying and prioritizing their most significant security
vulnerabilities, the CORE IMPACT product family allows organizations to meet the strict testing measures established in PCI
Requirement 11.3 and further clarified in version 1.2 of the DSS, which the PCI Council officially put into effect on 1 Oct., 2008.

The PCI 1.2 standard specifically states in Requirement 11.3 that companies must
"run internal and external network penetration tests at least quarterly and after any significant change in the network
(such as new system component installations, changes in network topology, firewall rule modifications, product upgrades)."

PCI officials have also further endorsed the use of comprehensive testing solutions including IMPACT Pro
as an acceptable form of testing to provide to certified PCI compliance auditors. Additionally, IMPACT Pro
allows organizations to validate the efficacy of other security controls required under PCI DSS, including
the capabilities of IDS/IPS, anti-virus and web applications firewalls to prevent attacks that
can circumvent defensive mechanisms and go after protected payment card data.

The direct applicability of CORE IMPACT solutions to the PCI DSS standard has become a major driver behind the rapid adoption of
CORE IMPACT Pro by large enterprises, Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV) alike,
all of whom use the solution to regularly test their security systems and processes, or those of their customers.

"The specific requirements of PCI have placed penetration testing and vulnerability assessments front and centre on
the agenda of many organizations that had previously overlooked this vital security procedure,"
said Fred Pinkett, vice president of product management at Core Security Technologies.
"IMPACT Pro also includes PCI-specific reporting functionality to help customers automate testing and quickly prioritize any
remediation work needed maintain compliance with the standard."

In a recent webcast hosted by Core Security, Bob Russo, general manager of the PCI Security Standards Council,
reaffirmed that internal use of a penetration testing software solution such as IMPACT meets the specific testing guidelines of
DSS and confirmed that reports produced by such technologies will be accepted by certified auditors as proof of compliance
with that portion of the mandate. The statement refutes some existing market misconceptions that DSS requires third-party penetration testing.

Russo also submitted that regular use of such a security testing solution should be considered an important mechanism
in maintaining PCI compliance over time, and a vital element of any organization's fundamental security practices.
To hear the Russo webcast in its entirety, click here

Existing IMPACT Pro users have recognized that the solution is extremely strategic in both meeting PCI compliance goals
and improving their overall security posture. As a result of bringing CORE IMPACT testing capabilities in-house,
many of these organizations have also directly reduced the number of third party consulting engagements they enlist
to conduct security assessments each year, or have begun sharing IMPACT testing results directly with their services providers
to maximize the value delivered via those efforts.

"Whilst it's nice to know that we're compliant with regulations, it's much more important for us to deliver on
our promise to ensure information security for our customers," said Matt Hobbs, chief architect and security officer for
U.K.-based travel services provider "By deploying CORE IMPACT we are now able to test our infrastructure
for vulnerabilities as part of our routine security practice which also allows us to simultaneously meet many of our obligations
to regularly test security systems and processes."

To read more about's use of IMPACT Pro, click here

About Core Security Technologies

Core Security Technologies is the leader in comprehensive security testing software solutions that IT executives
rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company's CORE IMPACT
product family offers a comprehensive approach to assessing the security of network systems, endpoint systems,
email users and web applications against complex threats. All CORE IMPACT security testing solutions are
backed by trusted vulnerability research and leading edge threat expertise from the company's Security Consulting Services,
CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina,
Core Security Technologies can be reached at 617-399-6980 or on the Web at

Mon, November 24