Core Securitys CEO Paul Paget says being a fan of the Red Sox was a factor in moving the company to Boston.
06/01/2004 08:10 AM
By Patricia Resende
While auto giants are testing automobiles in crash tests using dummies, Core Security Technologies is using its software to crash-test the military and a slew of other businesses.
Core Security last week released its Core Impact 4.0 penetration testing software, which attacks an organization’s network to find vulnerabilities.
Core Impact gives its users a way to determine if an attacker or worm is able to exploit the network by running through a company’s operating system or network to check for vulnerabilities. Once a vulnerability is discovered, the software figures out how to exploit it, then points to appropriate patches and remediation efforts.
Paul Paget, Core’s chief executive officer, said the Army and Marine Corps Red Teams use the product. Red Teams intentionally attack other communication systems within the military to find vulnerabilities.
But Paget, realizing there were bigger markets to go after, says Core Security’s new version extends its product reach to manufacturers, oil and utility companies, schools and banks.
Core Security started in Buenos Aires, Argentina, in 1996. The founding researchers consulted and developed products for U.S. businesses. Core, for example, was one of a handful of companies certifying Visa merchants using the Internet for credit card purchases.
The company’s success made it an easy decision to develop its own product and move to the United States. It was initially based in New York but moved to Boston last year. Paget, who joined in 2002 to bring Core Impact to market, said he wanted the company to be near the universities and talent pool in the area and quipped that his being a big Red Sox fan was also a factor.
“There are few people who know how to do this,” Paget said of penetration testing. “So we’ve made this very affordable and very easy (to do).”
Rather than pay someone $300 to $400 per hour to do the work, clients pay $2,495 for the product and receive weekly updates on attacks or software.
Core customers such as Sappi, a $3 billion fine-paper company with an office in Boston, use Core Impact to test global networks. Jim Cupps, information security officer at Sappi, said that without using penetration testing a company wouldn’t understand its own environment.
“This tool for me was the ultimate verification that something is vulnerable,” he said.
Cupps uses Core Impact, for example, to see which machines need patches.
Other business clients include Symantec, Microsoft and News Corp. Government customers include NASA and the U.S. Air Force.
According to a Gartner Inc. report, 90 percent of hacker attacks through 2008 will exploit software vulnerabilities.
The analyst firm suggests that taking preventative measures could ease both the number of attacks and costs associated with recovering from them.
“Through 2005, 20 percent of enterprises will experience a serious Internet security incident,” said Richard Mogull, research director for GartnerG2. “Of those that do, the cleanup costs of the incident will exceed the prevention costs by 50 percent.”
Core Security’s employees are split between Argentina and Boston. R&D is primarily in Buenos Aires, but Paget said the Boston office is building a technology team. It has received funding from Pegasus Venture Capital and plans to seek an additional round of between $2 million and $5 million.
The company is also looking to develop a product version that will allow customers to perform automated penetration testing rather than have a person run the test.
Patricia Resende is a freelance writer in Bristol, R.I.
Source: Mass High Tech