Core Security Technologies announces first comprehensive penetration testing tool

Core Security Technologies announces first comprehensive penetration testing tool

CORE IMPACT™ Professionalizes the Penetration Testing Practice

NEW YORK, NY, March 4, 2002 – Core Security Technologies today announced the launch of CORE IMPACT™, a revolutionary Information Security risk assessment product that professionalizes and streamlines the penetration testing process. CORE IMPACT™ provides the only comprehensive framework for performing penetration tests, making it possible to define and enforce a methodology, dramatically increase productivity, reduce errors, and leverage the knowledge and expertise acquired through successive assessments.

“There is certainly a need in the market for a product like IMPACT,” said Jose Granado, partner and director of Ernst & Young’s Advance Security Center in Houston. “We are seeing great demand for our penetration testing services, and we are constantly looking for tools to help us deliver our work efficiently to meet the growing demand.”

Penetration testing has quickly become an integral part of assessing and improving the security of a company’s network. Typically viewed as a subset of a broad security audit, the goal of a penetration test is to assess the security of a computer system by attempting to compromise that system using an attacker’s techniques. Until now, the penetration testing practice has relied largely on informal knowledge, individual tester handiwork and scarce security expertise. Such inefficiencies in the process can lead to inconsistent execution and higher costs. Due to the manual nature of penetration testing, processes are tedious and can be prone to error. Furthermore, the practice relies on disparate software packages and non-formalized methodologies, resulting in a significant and onerous learning curve.

“Through the course of performing countless penetration tests for our clients over the years, we recognized that there had to be a more efficient approach,” said Iván Arce, chief technology officer for Core Security Technologies. “We designed CORE IMPACT™ to address the problems with the current process, increase its overall quality, and help companies perform more efficient and secure penetration tests.”

CORE IMPACT™ is the master tool for penetration testing, consolidating in one application the ability to perform a test without being reliant on disparate software tools. With CORE IMPACT™, Core Security Technologies is providing the industry with a powerful framework to streamline and professionalize the penetration testing practice, making it more efficient and reliable. By automating tedious and time-consuming penetration test tasks, the product can save customers time and money. CORE IMPACT™ represents a groundbreaking approach to penetration testing and delivers the following features and benefits:
· Provides a flexible, open and expandable architecture -- CORE IMPACT™’s revolutionary agent/module architecture simplifies the penetration testing process, encompassing all phases in an intuitive manner that is easily extensible and customizable.
· Encompasses all penetration test phases under a single framework -- CORE IMPACT™ encompasses all phases of penetration testing within one tool and ensures quality by enabling customers to define, standardize and enforce their own penetration test methodology.
· Reduces errors -- CORE IMPACT™ provides automatic logging of all work performed during the penetration test, so testers always have a complete and up-to-the-second view of the current assessment. Easy removal of agents drastically simplifies the clean-up phase.
· Improves the security of the penetration testing practice -- CORE IMPACT™ ensures that the overall security of the tested environment is not weakened during or after the penetration test. It provides powerful authentication and encrypted communications between agents and the console, and easy removal of agents quickly returns the tested network to its original configuration.
· Automates certain penetration test tasks, dramatically reducing the time required to perform the test -- CORE IMPACT™ frees valuable human resources from having to manually perform repetitive and time-consuming tasks, enabling them to focus on the more vital penetration testing phases such as high-level overview and analysis, strategic attack planning, results analysis, and recommendations formulation.
· Logs all activities of the penetration test -- CORE IMPACT™ logs all penetration testing work performed in a centralized repository of information called the Entity Database, allowing for future reference and collective learning and analysis across assessments.

CORE IMPACT™ is available now, runs on Microsoft Windows 2000, and has agent support for Linux, Windows 2000, NT, Sun Solaris, and OpenBSD. For more information about CORE IMPACT™ and Core Security Technologies please visit

About Core Security Technologies
Core Security Technologies is a company fully dedicated to Information Security. CORE provides state-of-the-art software products to Information Security consultants, network security integrators, and the IT departments of large organizations. The company’s comprehensive solutions are designed to assess risk and protect and manage information assets. Headquartered in New York, Core Security Technologies can be reached at 212-461-2345 or on the Web at

# # #

Mon, March 04