With the release of Insight 3.0 CORE Security has added significant features and capabilities in the following areas:
Network Topology Visualization for Threat Modeling
CORE Insight's Network Topology Map models an organization’s multi-tiered network by importing topology information from network devices. CORE Insight navigates complex network configuration files by parsing static routes, access control and ports from over 100 different network devices, including routers, switches, firewalls, load balancing devices and many more. These threat models allow security teams to visualize all possible attack paths from any source to any destination on any port or protocol.
Network Topology Import- Click to zoom
Automated Asset Labeling
CORE Insight identifies the importance and value of network assets through direct integration with common asset management (including spread-sheets), network configuration and vulnerability management tools. Asset labels are used to quickly classify assets (IP based devices) in to different categories including OS type, geographic location, or other defined categories to provide further intelligence as to risk severity and remediation priorities.
CORE Insight 3.0 includes comprehensive network scanning capabilities similar to those found in traditional vulnerability assessment solutions. With CORE Insight 3.0, you can manage, schedule scans all from a single management interface.
Web & Cloud Scanning
CORE Insight 3.0 offers complete web application scanning functionality. CORE Insight comes with the ability to scan web applications across a multitude of potential risks including many of the OWASP defined categories. During the collection and simulation phase, Insight can map weaknesses in your web-applications to other categories of vulnerabilities in the network, giving the user a better perspective of how a multi-vector attack can be used to place key systems at risk.
End-User Security Assessment (Phishing)
COREInsight can collect information on user-generated risk by running phishing campaigns against a broad set of users using your LDAP server as source of data. These phishing campaigns can be quickly delivered via CORE Insight’s 25+ pre-configured templates, each of which can be customized for your environment. Security professionals can:
- Assess security awareness by identifying users who click links in phishing emails;
- Customize sample phishing templates, or create your own custom spear phishing email;
- Set web forms phishing traps to flag data leakage risks;
- Test end-user machines for exploitable vulnerabilities and pivot to other network systems
McAfee ePO Integration
CORE Insight 3.0 offers comprehensive integration with McAfee’s ePolicy Orchestrator solution to allow McAfee users to view threat models and vulnerabilities within their established ePO dashboards. The required scan data can be collected from a direct integration with McAfee MVM or other 3rd Party scanners. With Insight and ePO, users can ask “What if?” questions such as, “How many vulnerabilities are found on systems with outdated AV signatures?” The integration includes links directly back to Insights attack path modeling screens, which can be viewed directly from ePO in order to better determine enterprise risk.
Insight/Impact Pro Integration
CORE Insight 3.0 enhances an organizations established vulnerability management and penetration testing process by simulating attack scenarios and generating attack paths. Once attack paths are established with Core Insight, this information is automatically to CORE Impact Pro to run further tests, including live tests, with Impact Pro. As exploits are found, they are uploaded to Insight 3.0 for monitoring, reporting and further simulation.
CORE Impact Data within Insight - Click to zoom