Validate Network and Web Vulnerability Scan Results
To effectively protect your organization's information assets, a vulnerability management strategy must encompass multiple steps, from scanning to remediation:
- Scan network servers, workstations, firewalls, routers and various applications for vulnerabilities.
- Identify which vulnerabilities pose real threats to your network.
- Determine the potential impact of exploited vulnerabilities.
- Prioritize and execute remediation efforts.
Scanning applications can provide a key component of the vulnerability management process by helping you understand your organization's potential vulnerabilities. Penetration testing with Core Impact builds on this process by identifying which vulnerabilities are real and determining whether and how they can be exploited. This gives you the information you need to intelligently prioritize remediation efforts and effectively allocate security resources.
Vulnerability Validation Demonstrations
Network Scanner Vulnerability Validation with Core Impact Pro
Web Scanner Vulnerability Validation with Core Impact Pro
How Core Impact Vulnerability Validation Works
- Run a vulnerability scan to identify and report on vulnerabilities
- Import the scan results into Core Impact
- Run the exploits against critical vulnerabilities identified in the scan results
- Reveal which vulnerabilities pose critical risks
- Safely demonstrate the consequences of a breach – including multistaged threats to backend systems
- Run Core Impact vulnerability validation reports. These reports are available with specific information for FISMA and PCI reporting.
- Focus remediation on critical issues first
- Re-test patched and updated systems
- Run Core Impact delta and trend reports
- Repeat the above steps as desired
Supported Vulnerability Scanners
Core Impact Pro is currently integrated with the following network vulnerability scanners:
- eEye Retina Network Security Scanner
- GFI LANguard™
- IBM Internet Scanner®
- Lumension® Scan
- McAfee® Vulnerability Manager
- Microsoft Baseline Security Analyzer
- Qualys QualysGuard®
- Tenable Nessus®
- Tenable Security Center®
- Tripwire IP360™
… and with the following web vulnerability scanners:
- Acunetix® Web Security Scanner
- Cenzic Enterprise®
- HP Web Inspect®
- IBM AppScan®
- AppSpider (previously NTO Spider™)
Ensure Comprehensive Vulnerability Management, with or without a Scanner
Core Impact integrates with the most widely used vulnerability scanners, allowing you to import scan results and run exploits to test identified vulnerabilities. However, you don't need a vulnerability scanner to use Impact. In the Information Gathering phase, Impact will independently identify servers, services, etc., enabling it to intelligently determine the appropriate exploits to run.