Core Insight 5.0 adds new attack intelligence features to your vulnerability management initiatives enterprise-wide. These features include a centralized asset store for consolidating and normalizing large amounts of vulnerability data, flexible reporting for granular analysis and customization, and interactive attack paths to quickly model potential threat scenarios on the fly.
New capabilities include:
- Attack Path Ranking
- Attack Modeling via Graph Technology
- Real‐Time Exploit Matching and One-‐Click Campaigns
- Increased Scalability and Comprehensive Analytics
- Improved Usability through UI Enhancements
Attack Path Ranking: Prioritize remediation efforts to address known vulnerabilities by ranking attack paths from most critical to least urgent. Core Insight determines the attack path rank using a numerical risk score based on a combination of over 60 different attributes.
Attack Modeling via Graph Technology: Rapidly model your entire network from a potential breach perspective utilizing Graph technology. Core Insight uses the graph concept of nodes (systems) and edges (network topology & vulnerabilities) to determine security-‐based associations among all of your vulnerable systems. As a result, Core Insight quickly highlights areas of weakness within large, complex networks.
Assessing Risk by Subnet and VLAN: Identify potential threats to critical business assets posed by specific collections of systems. Organizations typically create subnets and VLANs with limited authentication to provide basic networking services to non-‐employees. Now you can identify attack paths using subnets and VLANs as your starting points to quickly assess the risk presented by these guest services.
Analytics Tab: The updated user interface allows users to quickly apply Core Insight’s Attack Strategy technology to vulnerability, exploit, and attack path analytics. With the new interactive analytics tab, users can more easily focus on problem areas and also schedule automated campaigns.
Unified Risk Warehouse: All data import functionality is centralized in the Core Insight 5.0 Assets Tab. The product directly supports imports from Tenable Security Center and Rapid7 Nexpose, in addition to previously supported scanners (Tenable Nessus, Tripwire IP360, McAfee Vulnerability Manager, Qualys Vulnerability Manager, and Qualys Web Application Scanner). The results of the data import can be quickly sorted and filtered by a variety of attributes including vector type, IP, CVE, server type, etc.
Campaigns up to 25K assets: Core Insight 5.0 Campaigns can now hold larger sets of data. Campaigns allow security teams to automate the process of identifying weaknesses in corporate networks. By running campaigns on a continuous basis, CISOs can track security trends over days, weeks, months, or years.
Usability and Agility
“One‐Click” Campaigns: With one click, Core Insight 5.0 users can quickly create automated Campaigns enabling security teams to efficiently evaluate measureable changes in their security status.
Real‐time Exploit Matching: Exploit matching requests now yield immediate results without the need to configure campaigns. This feature can be found under the new Analytics tab and provides a table view of metadata that highlights relevant vulnerabilities. By applying Attack Strategies to these esults, security teams can further reduce the number of vulnerabilities that need to be prioritized for remediation.