CORE IMPACT Integrates with QualysGuard to Automate Vulnerability Assessment and Penetration Testing

CORE IMPACT Integrates with QualysGuard to Automate Vulnerability Assessment and Penetration Testing

Joint Solution Increases Effectiveness of Network Security and Reduces the Window of Exposure to Attacks

BOSTON - September 11, 2006 - Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks and Qualys®, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced an integration of their products, CORE IMPACT and QualysGuard®. This new integration gives enterprises and security consultants an automated way to scan networks against a comprehensive vulnerability database with QualysGuard and then safely exploit those same vulnerabilities with a CORE IMPACT penetration test.

With this integration, security consulting organizations and corporations will now have in their hands a comprehensive solution that helps them prioritize risk mitigation tasks, increase the effectiveness of network security and reduce the window of exposure to attacks. The integration reduces the amount of time organizations spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.

"We have been using both QualysGuard and CORE IMPACT to provide our customers with a comprehensive assessment of their security posture. This integration eliminates the manual step of running a scan using another interface before we can perform penetration testing, making our security consultants more effective," said Erik Birkholz, CEO of Special Ops Security, Inc.

With this integration QualysGuard's vulnerability assessment results are automatically imported into the CORE IMPACT management console. Customers can overlay this information with their overall asset value judgment, and proceed with a CORE IMPACT penetration test at any time to validate the security of critical resources. Customers will be able to replicate the type of access an intruder could achieve, thereby understanding the actual paths of attack that must be eliminated.

"By integrating these two products, QualysGuard vulnerability scans can be automatically incorporated into a CORE IMPACT penetration test without the burden of manually integrating the results," said Paul Paget, CEO of Core Security Technologies. "In addition, by integrating QualysGuard and CORE IMPACT, organizations not only improve their overall vulnerability management process, but they also are better able to comply with a number of regulations, which require regular vulnerability scanning and penetration testing."

"The integration of CORE IMPACT with QualysGuard further automates the process of performing vulnerability scans and penetration testing," said Philippe Courtot, chairman and CEO of Qualys. "Network security is a battle against time and automation reduces time to action and costs while improving the quality of the results."

About QualysGuard

QualysGuard is an on demand vulnerability management and policy compliance solution that enables organizations to assess and manage business risk. QualysGuard automates the network security auditing process across the enterprise both inside and outside the firewall, and across distributed networking environments. QualysGuard provides network discovery and mapping, asset prioritization, centralized reporting, and remediation workflow and verification. Executive-level reports allow security professionals to demonstrate effective security practices and verify compliance with data protection laws and regulations. QualysGuard's on demand technology is far more accurate, cost effective, and easier to deploy than software-based alternatives.


CORE IMPACT makes it easy, efficient and cost-effective for any security professional or network administrator to perform a penetration test. With just a point and click, CORE IMPACT allows a user to safely exploit vulnerabilities within a network, replicating the kind of access an intruder could achieve. By exploiting these vulnerabilities and the relationships that exist among network components, CORE IMPACT helps users intelligently prioritize remediation efforts, validate the security of vital information stored on critical severs, and accurately evaluate the effectiveness of IDS, IPS and other deployed or considered security technologies.

CORE IMPACT features the Rapid Penetration Test (RPT), an industry-first, step-by-step automation of the penetration testing process. From the initial information-gathering phase to production of the final report, the penetration testing steps within CORE IMPACT can be run completely autonomously.

About Qualys

Qualys, Inc., the leader in on demand vulnerability management and policy compliance serves more than 2,200 enterprise subscribers around the world including more than 200 of the Forbes Global 2000. QualysGuard Software as a Service (SaaS) solutions help security managers effectively strengthen the security of their networks, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys' cost effective on demand technology requires no capital outlay, infrastructure or maintenance and can be deployed in a matter of hours anywhere in the world. Qualys global customers include AXA, DuPont, eBay, ICI Ltd, Kaiser Permanente, Novartis, Oracle and many others. Qualys is headquartered in Redwood Shores, California, with business units in Europe and Asia. For more information, please visit

About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Headquartered in Boston, MA, Core Security Technologies can be reached at 617-399-6980 or on the Web at .


Dave Bowker or Tim Whitman

Schwartz Communications

781 684-0770


Mon, September 11