By Jack M. Germain
August 18, 2005 2:00PM
"Penetration testing picks up where 'scan and identify' leaves off," said Charles J. Kolodgy, research director at IDC. "As companies move to integrated solutions for greater protection, penetration testing will become more important."
Core Security wants network administrators to hack into their own corporate computer systems to find where they are vulnerable and what patches are lacking.
Core's penetration-testing software, called CORE IMPACT, is designed to help I.T. departments attack their networks safely before and after patches are deployed.
The company has described CORE IMPACT, now upgraded to version 5.0, as the first penetration-testing product for assessing specific information-security risks. The product is designed to replicate the kinds of access a hacker, worm or virus could achieve. The software also shows the actual open, vulnerable pathways that must be eliminated.
"Penetration testing picks up where 'scan and identify' leaves off," said Charles J. Kolodgy, research director at IDC. "As companies move to integrated solutions for greater protection, penetration testing will become more important."
Increasingly, said Kolodgy, management will need to justify security investments by proving that these investments are indeed paying off. "This is where the benefits of an automated solution like CORE IMPACT 5 can be realized," he said.
Patching Process Slow
A recent Gartner Research report on the problems of software patches highlighted the fact that I.T. departments must install multiple updates every week to keep up with the vast number of worms and viruses exploiting vulnerabilities.
All too often, that report said, vulnerabilities are so critical that vendors rush patches without adequate testing, thus presenting a new set of security issues.
Experience with this week's infections of Windows 2000 computers by the ZoTob worm underscores the risk of taking too long to apply patches. I.T. managers got the message that they need to speed up the patching process. According to security experts, it typically takes I.T. departments 30 to 60 days to deploy security patches.
"Enterprises and organizations are finding it more difficult to keep their networks safe from increasingly sophisticated, malicious hackers and ill-intentioned insiders," said Core Security CEO Paul Paget. "Using CORE IMPACT, with only a few mouse clicks, any user can get a comprehensive assessment of the exposure of their network and optimize the process of managing their vulnerabilities."
CORE IMPACT Rundown
The latest version can integrate with other security tools to help manage and remediate vulnerabilities and give admins the ability to focus on the most critical vulnerabilities first, said company officials.
The new version of CORE IMPACT also has the ability to launch simultaneous, multiple attacks to help improve the process with which users can evaluate their network defenses.
Once the software finds vulnerabilities, it can output its findings to HTML, PDF, Microsoft Word and other popular formats so that the data can be customized and shared with auditor groups and other parts of an organization.
Sources:
NewsFactor Network
http://www.newsfactor.com/news/Core-Helps-Admins-H
CIO Today
http://www.cio-today.com/news/Core-Helps-Admins-Ha
Top Tech News
http://www.toptechnews.com/story.xhtml?story_id=10
