Core Security integrates with several best-of-breed technology providers to enable enterprises worldwide to proactively identify critical risks and match them to unique business objectives, operational processes, and regulatory mandates. Core Security partners with a variety of complementary technology vendors to provide prebuilt integration and interoperability.
IT Governance, Risk and Compliance (IT-GRC)
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organisations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
RSA Archer eGRC
RSA Archer eGRC: RSA Archer eGRC modules allow you to build an efficient, collaborative enterprise governance, risk, and compliance (eGRC) program across IT, finance, operations, and legal domains. With RSA Archer, you can manage risks, demonstrate compliance, and automate business processes.
Trend Micro is a global cybersecurity company. Founded in the USA in 1988, Trend Micro is the global leader in Cloud security. Trend Micro’s success in innovation continues to propel our business and technology strategies forward. In the post-PC cloud era, we envision an adaptable security framework that follows and protects your business and personal information across evolving computing environments, applications and devices. Today 48 of the top 50 global companies trust Trend Micro solutions.
Network Vulnerability Scanners
Core Insight and Core Impact Pro can import and validate the exploitability of results from several network vulnerability scanners.
Beyond Security's testing solutions accurately assess and manage security weaknesses in networks, web applications, industrial systems and networked software. We help businesses and governments upgrade and simplify their network and application security thus reducing their vulnerability to attack and data loss. Our product lines, AVDS (network and web application vulnerability management) and beSTORM (software security testing), will help you secure your network and applications, comply with your security policy requirements and exceed industry and government security standards.
eEye Digital Security
eEye Digital Security® is the innovative leader in vulnerability and security research, providing security solutions that help businesses and users protect their systems and intellectual property from compromise. eEye enables secure computing through world-renowned research and innovative technology, supplying some of the world’s largest businesses with integrated and research-driven vulnerability assessment, intrusion prevention, and client security solutions. eEye protects the networks and digital assets of a growing network of more than 9,000 corporate and government deployments worldwide. eEye delivers the following security products: Blink® Personal internet security, Blink® Professional client security, Retina® Network Security Scanner, REM™ Security Management Console, Iris® Network Traffic Analyzer, Retina® Scan on Connect, and eEye Preview Research Services. Founded in 1998, eEye Digital Security is headquartered in Orange County, California.
Retina ® Network Security Scanner
Retina® Network Security Scanner, recognized as the industry standard for multi-platform vulnerability assessment, identifies known network security vulnerabilities and assists in prioritizing threats for remediation. This scanner features fast, accurate, and non-intrusive scanning, enabling administrators to effectively and efficiently secure their networks even when facing the most recently discovered vulnerabilities. Organizations can also leverage Retina for security risk management and for enforcing standards-based policy settings that support their corporate and regulatory audits. Retina provides centralized network policy assessment, centralized vulnerability management, and centralized event management through the REM Security Management Console.
GFI Software provides a single source of web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions. GFI has offices in the USA (North Carolina, California and Florida), the UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, and supports hundreds of thousands of installations worldwide. With award-winning technology and an aggressive pricing strategy, GFI Software satisfies the needs of businesses world-wide. GFI Software is a channel-focused company with a global network of thousands of partners and is a Microsoft Gold Certified Partner.
GFI LANguard™ is an award-winning network security scanner, patch management and software and hardware auditing solution that provides a complete network security overview with minimal administrative effort. GFI LANguard acts as a virtual consultant to give you a complete picture of your network set-up, provide risk analysis and help you to maintain a secure and compliant network state faster and more effectively. GFI LANguard assists you with patch management, vulnerability management, network and software auditing, assets inventory, change management and risk and compliance.
IBM Internet Scanner
The IBM Internet Scanner vulnerability assessment application helps provide the foundation for effective network security for your business.
- Minimized business risk. Internet Scanner finds the weak spots in your network to help you secure your critical assets and prevent compromises that may result in the loss of availability, integrity or confidentiality of critical business information.
- Preemptive protection from attacks. By assessing the security of your networked systems and prioritizing remediation tasks, Internet Scanner enables you to address high-risk vulnerabilities before they can be exploited in an attack. In fact, Internet Security Systems (ISS) was recently recognized by IDC as the worldwide market leader in network vulnerability assessment and management.
- Scalability. Whether used as a standalone solution for smaller organizations or combined with SiteProtector for enterprise-sized installations, Internet Scanner enables you to automate scans and prioritize discovered vulnerabilities to deliver the most effective response for your organization.
Internet Scanner helps minimize your risk by identifying the security holes, or vulnerabilities, in your network so you can protect them before an attack occurs.
Lumension™, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets.
Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year.
Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Florida, Utah, Luxembourg, the United Kingdom, Spain, Australia, India, Hong Kong and Singapore. Lumension: IT Secured. Success Optimized.
PatchLink Scan is a complete stand-alone network-based scanning solution that performs a comprehensive external scan all of the devices on your network, including servers, desktop computers, laptops, routers, printers, switches and more. By leveraging the powerful, yet easy to use PatchLink Scan, you are able to identify weaknesses before they are exploited.
Lumension Patch and Remediation
PatchLink Update™ provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of patches throughout your enterprise. PatchLink Update significantly decreases the costs involved in securing your organization from worms, Trojans, viruses and other malicious threats.
The integration of Core Impact and Lumension Patch and Remediation enables administrators to use Core Impact to quickly gain access to computers on their network that are vulnerable, and perhaps have been exploited, and deploy the Lumension Patch and Remediation agent to facilitate quick and easy remediation of that system. Once the Lumension Patch and Remediation agent is installed on the target machine, patches and service packs can be quickly installed along with any other required software or policy settings needed to bring that system back into compliance with local network security policies.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.
McAfee Vulnerability Manager
McAfee Vulnerability Manager provides fast, precise, and complete insights into vulnerabilities on all of your networked assets. Easy-to-implement Vulnerability Manager readily scales to suit networks from hundreds to millions of nodes. Nonstop global research helps you stay ahead of evolving threats and new vulnerabilities. Our single, actionable, correlated view of your weaknesses and our patented FoundScore risk formula helps you direct remediation efforts where they are needed most.
Qualys, Inc., the leader in on demand vulnerability management and policy compliance, serves more than 2,200 enterprise subscribers around the world including more than 200 of the Forbes Global 2000. QualysGuard Software as a Service (SaaS) solutions help security managers effectively strengthen the security of their networks, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys' cost-effective, on demand technology requires no capital outlay, infrastructure or maintenance and can be deployed in a matter of hours anywhere in the world. Qualys global customers include AXA, DuPont, eBay, ICI Ltd, Kaiser Permanente, Novartis, Oracle and many others. Qualys is headquartered in Redwood Shores, California, with business units in Europe and Asia.
QualysGuard is an on demand vulnerability management and policy compliance solution that enables organizations to assess and manage business risk. QualysGuard automates the network security auditing process across the enterprise both inside and outside the firewall, and across distributed networking environments. QualysGuard provides network discovery and mapping, asset prioritization, centralized reporting, and remediation workflow and verification. Executive-level reports allow security professionals to demonstrate effective security practices and verify compliance with data protection laws and regulations. QualysGuard's on demand technology is far more accurate, cost effective, and easier to deploy than software-based alternatives.
QualysGuard PCI Connect
Core Security is proud to participate in QualysGuard PCI Connect, which is the industry’s first Software-as-as-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple security solutions in order to document and meet all 12 requirements for PCI DSS. PCI Connect streamlines business operations related to PCI compliance and validation for merchants and acquirers all from a combined collaborative application with automated report sharing and distribution. An integral part of the PCI Connect solution, CORE IMPACT Pro from Core Security Technologies helps merchants to comply with requirement 11.3 of the PCI mandate, which calls for regular penetration testing, through robust, repeatable and measurable assessments of their networks and web applications.
Since its inception in 1998, SAINT Corporation has been developing software products to make network security easy and affordable. Now, celebrating over a decade as a global leader in vulnerability assessment and penetration testing, our customers include high-level government agencies, top colleges and universities, and major financial institutions. Industries and governments all over the world are now using SAINT products and services to manage IT security risk and compliance.
SAINTscanner identifies vulnerabilities on network devices, operating systems, desktop applications, web applications, and more. It detects and fixes possible weaknesses in organizations network’s security before they can be exploited by intruders and demonstrates compliance with current government and industry regulations such as PCI DSS, NERC, FISMA, SOX, GLBA, HIPAA, and COPPA. SAINTscanner™ performs configuration audits with policies defined by FDCC, USGCB, and DISA.
Tenable Network Security
Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
The Nessus® vulnerability scanner is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats.
Tripwire IP360 is a vulnerability and risk management system enabling thousands of enterprises and government agencies to cost-effectively measure and manage their security risk. Tripwire IP360 sets the industry standard for depth and breadth of discovery and coverage, comprehensively profiling all networked devices and their operating systems, applications and vulnerabilities. Tripwire IP360’s flexible deployment architecture is designed for rapid deployment and ease of management across large, globally distributed networks.
Security Information and Event Management (SIEM)
HP is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and network defense technology to protect today's applications and IT infrastructures from sophisticated cyber threats.
ArcSight is a leading security information and event management (SIEM) solution for collecting, analyzing and assessing security events. The result is rapid identification, prioritization and response to cybersecurity attacks and insider threats. Only ArcSight correlates users, logs and NetFlow to understand the who, what and where of information security.
Huntsman Security is a global security software company that developed and patented behavior anomaly detection (BAD) technology to anticipate and prevent cyber attacks. With more than a decade of deployment in mission-critical security environments, national intelligence, border protection, banking and infrastructure, Huntsman offers military-grade protection that proactively detects indicators of compromise and allows companies to resolve issues in real-time. Huntsman has offices in North America, Australia, the UK and Japan.
Huntsman Cyber Security Platform
At the heart of the Huntsman Cyber Security Platform lies Huntsman Enterprise SIEM. The technology correlates internal and externally sourced threat information in real time, automating routine pre-analysis and processing to contextualize diverse data sets and prioritize threats that matter. Using rules and behavioral based engines -- rather than relying only on ad hoc query-led data investigation or industry-based patterns – Huntsman® combines machine learning with proven statistical algorithms to instantly and accurately isolate risky anomalies. Key features:
- Real Time instream correlation
- Live security and compliance status dashboards for segmented or whole network threat intelligence
- Proven behavior anomaly detection (BAD) for real-time threat detection and elimination of false positives
- Multi Tenancy & Data Segregation
Recent product innovations
IBM Q1 Labs
Q1 Labs, an IBM company, is a global provider of high-value, cost-effective next-generation security intelligence products. Q1 Labs is a US-based company with headquarters located in Waltham, MA with sales and support offices throughout North America and Europe. The company also has research & development and customer support centers in Belfast, Northern Ireland and in Fredericton, New Brunswick. Q1 Labs was acquired by IBM in October 2011.
QRadar Security Intelligence Platform
The company's flagship product, the QRadar Security Intelligence Platform, integrates previously disparate functions -- including SIEM, risk management, log management, network behavior analytics and security event management -- into a total security intelligence solution, making it the most intelligent, integrated and automated security intelligence solution available. QRadar provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements.
Web Application Vulnerability Scanning
Core Insight and Core Impact Pro can import and validate the exploitability of results from several web vulnerability scanners.
Acunetix was founded in 2004 to combat the alarming rise in web attacks and today is a market leader in web application security technology. Its flagship product, Acunetix Web Vulnerability Scanner (WVS), is designed to replicate a hacker's methodology to find dangerous vulnerabilities -- like SQL injection and cross site scripting -- before hackers do.
Acunetix Web Vulnerability Manager
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic’s solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs.
HP is a leading provider of security and compliance solutions for the modern enterprise that wants to mitigate risk in their hybrid environment and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence Platform uniquely delivers the advanced correlation, application protection, and network defenses to protect today’s hybrid IT infrastructure from sophisticated cyber threats.
HP WebInspect is the industry leading Web application security assessment solution designed to thoroughly analyze today’s complex Web applications and Web services for security vulnerabilities. It delivers broad technology coverage, fast scanning capabilities, extensive vulnerability knowledge, and accurate Web application scanning results. HP WebInspect is an integral part of the HP integrated security testing technologies that uncover real and relevant security vulnerabilities in a way that siloed security testing cannot.
NT OBJECTives (NTO), based in Orange County, California, brings together an innovative collection of top experts in information security and software engineering to develop and provide a comprehensive suite of industry-leading technologies and services to solve the application security challenges of today's global organizations. NTO has created the industry leading, automated technology capable of performing comprehensive and accurate Web Application security scanning solutions.
NTOSpider is the company’s powerful scanning solution designed to be the most comprehensive, fully automated Web application scanner on the market. NTOSpider automates the process of authentication, session management, crawling and attacking. NTOSpider helps security teams as they communicate vulnerabilities to application development teams and work with them to ensure that they are remediated. NTOSpider categorizes vulnerabilities by their root cause, and provides useful and visual reporting to better facilitate remediation efforts.