Your organization´s servers and workstations make up the backbone of your IT infrastructure and house some of its most important information assets. Perimeter defenses offer these systems a level of protection, but no defensive application is 100% impervious to attack. It´s therefore critical to proactively test your organization´s ability to detect, prevent and respond to network threats.
Core Impact Pro allows you to replicate multistaged attacks that leverage compromised end-user systems to target backend resources, revealing how chains of exploitable vulnerabilities can open paths to mission-critical systems and data.
By safely replicating real-world attacks against network systems, Impact Pro enables you to determine …
- which systems are exposed if perimeter defenses are compromised
- what OS and services vulnerabilities pose real threats to your network
- how privileges can be escalated on compromised systems
- what information could be accessed, altered or stolen
- which systems are vulnerable to denial of service attacks
- how trust relationships could be used to propagate local attacks against other network systems
Click on the video to see how Core Impact Pro gives you unmatched visibility into network security risks.
Practice Ongoing Security Assurance with Rapid Penetration Tests
Using Core Impact Pro’s Rapid Penetration Test (RPT), you can regularly evaluate the security of network resources, without requiring advanced technical skills. The RPT incorporates industry-accepted best practices for security testing into six simple steps:
- Information Gathering
- Attack and Penetration
- Local Information Gathering
- Privilege Escalation
- Report Generation
The RPT speeds security testing by automating the actions of an attacker and simultaneously launching multiple exploits against your network. This saves significant time versus manual testing, while providing a consistent, repeatable process for testing your evolving IT infrastructure.
Stay Ahead of the Latest Threats with Commercial-Grade Exploits
Quality exploits are critical to the success of any network security test. With Core Impact Pro, you have full control over the most comprehensive, stable and up-to-date library of exploits available. Created in-house by a dedicated team of experts, they are guaranteed to be current, effective and safe for your network.
Core Security continually works to assess the current threat landscape and anticipate new threats. Core Impact Pro customers therefore typically receive an average of 30 exploits and security updates per month.
Safely Demonstrate the Consequences of an Attack with Impact Pro Agents
Core Impact Pro takes security testing to another level by not only identifying and proving the exploitability of vulnerabilities, but also demonstrating the consequences of a data breach. Once an Impact Pro exploit successfully compromises a system, the product’s Agent technology allows you to interact with the system as an attacker could – such as by browsing the file system, launching a command shell, or running local exploits to escalate user privileges. Impact Pro also allows you to pivot attacks from the newly compromised system to servers and workstations on the same network – replicating an attacker’s attempts to take advantage of trust relationships and gain access to increasingly sensitive information.
Identity Manager & Password Repository
Core Impact’s Identity Manager learns identities, usernames and passwords, SSH keys, cookies and other pieces of information that can be used to gain control of systems in an environment. You can also quickly and easily reuse the newly discovered valid identity against all other systems in the environment to rapidly take control of them.
Pivoting: Assess Your Exposure to Multi-Staged Threats
Cybercriminals are increasingly consolidating diverse attack methods to further extend their reach into compromised organizations. Core Impact Pro is the only product to simulate multi-staged attacks by integrating network penetration testing with both end-user testing and web application testing. The product’s unified interface allows you to leverage systems compromised during end-user and web application tests as beachheads from which to launch local attacks on other network systems. You can also use information harvested from compromised employee databases to create and launch convincing spear phishing tests with Impact Pro’s end-user testing capabilities.