New Automated Testing Solution Provides Continuous Visibility into IT Risks
BOSTON – June 22, 2010 - Core Security Technologies, the market’s leading provider of IT security testing solutions that enable organizations to get ahead of threats and bridge the gap between security data and critical business risks, today announced the introduction of an entirely new solution, CORE INSIGHT Enterprise.
Built from the ground up to empower leadership to continuously test and measure their organizations’ overall security standing in the face of real-world threats, INSIGHT Enterprise allows IT security executives to gain greater visibility into their organizations’ enterprise-wide security profile, to verify actual business risks, and to validate their protective controls.
Unlike existing security assessment and management solutions that use hypothetical models or simulations to estimate IT risks, or merely aggregate historic log data to detail events that have already transpired, INSIGHT Enterprise utilizes the power of confirmed exploitability to demonstrate actual exposures, eliminating the potential for false positives and allowing organizations to proactively identify available paths to protected information spanning multiple layers of IT infrastructure – before incidents can occur.
By providing management with the ability to identify specific points of risk to critical business assets and filter through their mountains of security data, INSIGHT Enterprise empowers IT, security and business leadership to finally answer to the question: “Are we more, or less, secure today than we were yesterday?”
“Core Security is uniquely positioned to address a significant gap in management’s ability to understand where their greatest IT-based information risks currently reside, and to associate these threats with the critical business operations and electronic data that they need to protect most – all in real time,” said Mark Hatton, CEO and president of Core Security.
“The introduction of CORE INSIGHT Enterprise represents the culmination of many years of highly focused research and development, as well as our deep experience delivering our solutions to over 1,000 customers worldwide. This is the arrival of an entirely new class of security testing and measurement solutions that finally allow organizations to understand their level of IT risk in a truly relevant, efficient and timely manner,” Hatton said.
Beyond IT, security and business executives, INSIGHT Enterprise provides operational security teams with benefits including:
- Distributed management capabilities and the ability to empower other non-security team members to perform safe, reliable testing.
- The ability to scale testing initiatives without having to hire costly consultants or dedicated, experienced professional testing staff.
"The 451 has long believed that IT security testing needed to evolve from a specialized skill set to a core enterprise competency. That's even more true now, as the enterprise security landscape shifts from protecting against indiscriminate attackers, worms and viruses to adaptive, persistent adversaries,” said Paul F. Roberts, Senior Analyst, Enterprise Security at The 451 Group. “What have been lacking are tools that make meaningful testing accessible to a broader audience. Core's INSIGHT Enterprise is a big step in that direction."
Closing the Gap Between Security Data and Business Risk – How it Works
CORE INSIGHT Enterprise helps organizations understand whether any of their critical business information is exposed to a security breach. Customers begin by defining which assets are important to their organizations, such as:
- Systems for financial transactions, operations controls, or other mission-critical functions.
- Databases housing sensitive information such as financial data, customer or patient records.
- Data formats such as credit card numbers, social security numbers, or employee ID numbers.
INSIGHT Enterprise then automatically maps an organization’s entire IT environment and searches for exploitable pathways to identify any critical information that is available. The product’s many dashboards and reports categorize and present test results using terminology relevant to the customer’s business, allowing IT security management to more easily communicate information risks to line of business leaders and other executives.
INSIGHT Enterprise utilizes automated attack planning technology coupled with an exploit engine that leverages Core Security’s 15-plus years of penetration testing expertise to find any available avenues to critical data and assets, to filter data from other security solutions, and to allow organizations to trend security and compliance controls performance over time.
By replicating threats seeking to compromise defined business assets through web, network and client-side channels, the product’s centralized dashboards and reports also track the efficacy of security controls in terms of relevant operational areas, such as specific business units or compliance mandates.
Each of the solutions’ dashboard windows offers a unique, at-a-glance view of security posture, plus full drill-down capabilities for conducting further analysis and informing response efforts.
INSIGHT Enterprise Beta Program
Effective today the INSIGHT Enterprise Beta Program is available to select industry-leading organizations interested in implementing a prototype version of the security testing and measurement solution in appliance form. Beta participants will able to conduct full automated and continuous testing across their IT infrastructure and provide feedback to Core Security to further support production of the G/A version of the product, due to release near the end of 2010. The Beta program arrives on the heels of a highly successful and oversubscribed Alpha Program, which included organizations deploying an early release prototype appliance and running thousands of individual tests to provide input into development of the Beta version.
About Core Security Technologies
Core Security Technologies enables organizations to both get ahead of threats and bridge the gap between security data and critical business risks. Using our test and measurement solutions, security professionals proactively validate their security controls while revealing actual risk paths that traverse IT layers to expose critical assets. As a result, our customers gain unprecedented visibility into threats to the business, while measuring risk on a continual basis. Core’s security testing and measurement solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
Tim Whitman or Lauren O’Leary