As our teams in the NFL took to the field again this week, Core was preparing to send the final beta version of CORE INSIGHT Enterprise to its customers.
As a New England Patriots season ticket holder, this past weekend held a great deal of excitement for me as we finally took to the gridiron again, seeking another championship after a long summer of practice and training. Much the same, I’ve been every bit as excited in looking forward to this week’s introduction of the Core INSIGHT Enterprise Beta. It’s very gratifying for our team to get it ready to ship after spending those same months working closely with our dedicated Alpha customers to bring this new solution to market – one we feel can be a true game-changer in the world of IT security testing and measurement.
If you’ve been following along with our preseason (though there was no “Hard Knocks: Core Security” available on HBO, sorry…) we announced the Beta recruitment program over the summer and the response we had was tremendous. We were quickly oversubscribed and had to start a waiting list, and some very impressive people from highly respected organizations have joined with us in shaping this product. Just as the NFL teams that ran out of the tunnel onto the field this weekend were the result of long-hours shared among players, coaches and management in attempting to build the foundation for a Super Bowl title, the release of the INSIGHT Beta today represents the culmination of close work between our diverse group of customer advisors and our product engineering team, among others, to make sure that the product will deliver on its promise. That value INSIGHT provides is to empower organizations to understand their IT security risks in a new way that also informs the parts of their organization without domain expertise to better understand their role in the larger process of protecting electronic data and other sensitive IT assets – all while providing dedicated security professionals with the specific details required to identify and address individual points of risk. Much as today’s professional football teams spend countless hours reviewing game film of themselves and their opponents, constantly looking for clues that reveal new truths about their respective strengths and weaknesses, the information INSIGHT provides will allow IT security management and business leaders to work more closely together to make informed decisions about security prioritization and investment.
A Smarter IT Security Game Plan
To achieve this we’ve built a product that uses automated and continuous security testing, combined with data connectors that integrate INSIGHT to other parts of the security infrastructure, along with flexible data presentation that allows for these dual high-level and operational viewpoints into security posture. Testing using INSIGHT is goal-based so that it can target the specific critical assets that matter most to a given organization from an IT security standpoint, and results can be expressed in technical details, in plain-old English, or in other business-relevant terms. And just as today’s NFL front offices are constantly looking for new stats that will allow them to predict which players will prove most successful in their particular systems, we feel that the security language of CVEs and vulnerabilities is changed by INSIGHT in such a way that there will more understandable business metrics that that tells organizations about the paths of potential breach exist to their sensitive databases or IT systems, not just big lists of stuff to fix without context. Like constantly blitzing your offensive line during practice to see where holes exist that will allow defenses to swarm the quarterback, INSIGHT arms organizations with the capability to know how their PII (or any other critical target) can be reached, and the numbers of possible penetration points along the way to this potential breach.
Think of INSIGHT as your own scout team offense safely scrimmaging against your defense to get it ready for the real test in the big game (or your network in this case). With the beta launch, we’re now well on the way to delivering this new way of looking at security posture that’s highly complementary to existing security management technology and fills the gap present between SIEM (Security Information and/or Event Management) and IT-GRC (Governance, Risk, and Compliance) products. Those solutions were never designed to allow for regular, proactive testing and measurement of security standing in relation to real-world threats, and not having the answer to that challenge is one of the most pressing problems facing IT security teams today. The important questions we all care about that INSIGHT can answer are: How do I know if my security infrastructure and processes will truly protect me from advanced attacks? How to I validate and test that? How do I measure that my security controls, and get information that helps me make the right IT security investment decisions for my company’s level of risk tolerance?
Like the film from last week’s game allows coaches to review their team’s performance, SIEM might tell you if you were attacked, and what happened at that time, and IT-GRC data presentation engines help report existing security data for compliance – but neither breed of solution can, or was intended to, assess precisely how your IT security infrastructure will respond to attacks, and illustrate that portion of the security picture before something bad ever happens. The Beta product is our first delivery on that vision, or perhaps better framed as our initial INSIGHT into how the market responds to what we’ve built. We look forward to its general availability and the opportunity to achieve broader recognition of how the product can truly change the way that security management looks at matters of exposure, vulnerability and risk – right down to its very Core. (Yup, I went there, twice.) Admittedly, perhaps making Beta available to our program participants is more analogous to the start of the NFL pre-season than it is to the regular season, as our finished product won’t actually take to the field for a few more months when G.A. arrives. But the message from Core to the rest of the world in this product launch is the same, regardless of the fact that we’re still making some final tweaks to its internal roster: