The CORE Insight Enterprise predictive security intelligence solution continuously and proactively assesses the security of your organization’s most critical information assets. By combining intelligent attack simulation with real-world attack replication, CORE Insight reveals exposures to key assets and traces their origins across network, web application and end-user weaknesses throughout your environment. As a result, you gain clear metrics for efficiently validating security controls and mitigating business risks.
Summary of New Capabilities
- Web Services-Based API – enable data sharing and remote management with other systems
- Cross-Site Scripting Testing Capabilities – reveal exploitable XSS vulnerabilities in web applications
- Automated Network Topology Input – easily map network connectivity for faster network profiling
- New Campaign Dashboard – quickly learn about the status and results of specific testing campaigns
- Enhanced Tester Dashboard – gain additional details about exploitable threats in the environment
- Network Device Testing Capabilities – detect exploitable vulnerabilities in routers and switches
- New Executive Report – visualize how the organization’s risk posture is changing over time
- New Vulnerability Validation Report – filter vulnerability scan results for exploitable weaknesses
Web Services-Based API
In addition to its out-of-the-box connectors for a variety of GRC, SIEM and vulnerability scanner solutions, Insight now offers a web services-based API. The Web Services API provides customers with an industry-standard, documented way to enable data sharing between Insight and other systems in their unique environments. In addition, the API can be employed to remotely manage Insight through other applications, such as scheduling and running security testing campaigns.
Cross-Site Scripting (XSS) Testing Capabilities
Cross-Site Scripting (XSS) threats take advantage of vulnerabilities in web applications and allow attackers to interact with the browsers of web application users. Insight is now able to identify GET- and POST-based XSS vulnerabilities, including:
- URL-based, reflective XSS vulnerabilities
- Persistent (or stored) XSS vulnerabilities
- XSS vulnerabilities in dynamic Adobe Flash objects
Automated Network Topology Input
Customers can now import their Cisco network device configuration files into Insight to easily map network connectivity. This enables Insight to profile the target IT environment and begin testing without requiring manual input.
New and Enhanced Dashboards
CORE Insight dashboards give customers a centralized view of their enterprise security posture, plus full drill-down capabilities for conducting further analysis and making informed decisions.
New Campaign Dashboard
The new Campaign Dashboard provides users with in-depth information about the status and results of specific Insight campaigns. Users can drill down to the Campaign Dashboard from campaign listings in the Tester Dashboard.
The Campaign Dashboard includes the following data:
- Campaign Profile: campaign details including name, target, owner, location, etc.
- Campaign Trends: numbers of assets tested, penetration points identified, and breach risks found by the campaign over time
- Top Exploits: penetration point counts for the most successful exploits of the campaign
- Campaign Status: campaign progress and detailed audit of testing activities
- Emerging Threats: details for new Insight exploits applicable to the campaign’s target environment
Enhanced Tester Dashboard
The Tester Dashboard, designed for security professionals charged with configuring and executing campaigns, has been significantly enhanced with the addition of five new data views:
- My Active Campaigns: results summaries for all current campaigns owned by the tester
- Exploit Trend: numbers of exposures identified over time within the tester’s campaigns and targets
- Threat Report: all exploitable vulnerabilities identified by the tester’s campaigns
- Top Exploits: counts for the most successful exploits among all campaigns owned by the tester
- Emerging Threats: details for new Insight exploits applicable to the tester’s target environment
Network Device Testing Capabilities
Networking equipment presents a key area of concern for today’s IT security organizations based on its highly strategic role in isolating sensitive systems and data from unauthorized access. For instance, given control of a router’s configuration, an attacker could gain access to other networks that otherwise would not be detectable. An attacker with command of a switch could quietly steal and manipulate data, as well as inject their own malicious data into switch traffic.
With the addition of network device testing capabilities, CORE Insight can target Cisco® network routers and switches to prove how a single device intrusion could escalate into a widespread data breach. If Insight is able to access a network device, it can demonstrate the implications of a breach by retrieving the device’s configuration file and optionally trying to crack any passwords that are in use.
CORE Insight reports make it easy to share information about business risks in your environment with executive management, colleagues in the line of business, compliance officers, auditors and others.
The new Insight Executive Report provides a high-level view of results across multiple campaigns. It is useful for identifying key areas of risk within your environment, tracking changes in risk posture over time, and informing decisions on where to focus resources.
Vulnerability Validation Report
CORE Insight Enterprise offers integration connectors for a number of popular network and web vulnerability scanning solutions. Through the connectors, Insight can import scan results from these solutions and then determine which of the reported vulnerabilities pose critical, exploitable weaknesses in the tested environment. The new Vulnerability Validation Report details which of the imported vulnerabilities where tested for exploitability and which were in fact exploitable.
About CORE Insight Enterprise
CORE Insight Enterprise is the first security intelligence solution that enables organizations to continuously and proactively assess their business risks. CORE Insight empowers executives to make informed choices for improving security, optimizing budgets, and increasing operational efficiency. The Insight solution integrates seamlessly with existing IT environments, pinpointing imminent risks without disrupting business processes. By combining advanced simulation with real-world testing, CORE Insight provides actionable information otherwise overlooked amidst volumes of security data. Customers gain unprecedented intelligence regarding their organization’s real-time security posture, while connecting real risks to specific operational and business goals. Please visit www.coresecurity.com/core-insight-enterprise or call CORE Security at +1 (617) 399-6980 to learn more.