When I first arrived here almost three years ago, the most exciting aspect of taking on leadership of Core was knowing that the company I was joining wasn’t just a clear leader in its established market, but that it also had the vision and technological underpinnings to do entirely new and exciting things that the world of IT security had never seen before.
With today’s launch of CORE INSIGHT Enterprise, you’re now able to see the culmination of those forces at work. Core is bringing to market the first solution that fits squarely into the security testing and measurement space – a product that fills existing gaps in today’s security infrastructure by addressing IT risk in a manner that’s never before been attempted. Only a few years ago, the process at the heart of our extremely successful CORE IMPACT Pro software solution – penetration testing – was still considered a highly aggressive form of vulnerability management and security validation that most organizations hadn’t considered performing internally.
However, driven by today’s ubiquitous and advanced persistent threats, along with compliance initiatives aimed at addressing those problems, we now have over 1,000 customers – most of which are leaders in their own fields. It’s clear that this form of security testing has evolved rapidly from a specialized art form into an operational requirement. I firmly believe that we now sit on the doorstep of a far more significant opportunity for security testing to change the manner in which organizations are able to understand and subsequently address their security exposures via proactive testing – a movement that employs the same techniques utilized by real-world attackers to gauge risk on a broad and continuous basis.
Today’s CISOs are drowning in a sea of security information. They struggle to communicate risk to other constituencies across their organizations and it remains extremely difficult to assess the resiliency of the many layers of security controls that they’ve already put in place; yet, they know they’re only one data breach away from unemployment, or even worse, a date in a courtroom. They’re being asked to make sense of an increasingly complex, distributed IT security ecosystem that has evolved at a terrifying speed and is largely composed of pieces and processes that were independently created and employed.
At the same time, an entire industry of attackers is threatening at the gates, looking for any and every opportunity to break in; availing themselves of whatever cracks in the perimeter they can take advantage of, including employees themselves, to exploit the gaps that ultimately arise in this existing patchwork of solutions. However, by empowering organizations to test across this entire IT infrastructure in a highly automated fashion, using many of the same techniques that have driven the uptake of penetration testing on an operational level in an entirely new way, INSIGHT Enterprise offers an extremely powerful, relevant alternative for addressing these challenges.
Testing with INSIGHT empowers CISOs to finally get a grip on day-to-day changes in security standing, and to track those shifts in posture over time. Customers can assess their security on a continuous basis, actively seeking out the paths existing between other solutions that attackers are taking advantage of every day. What’s more, the process is made straightforward by putting a specific organizational goal – in the form of a particular system, set of systems, or data set – at the beginning rather than the end of the process. What we’re working on here at Core is not based in marketing or rhetoric; it’s based upon market need and innovation. In fact, Core has just been inducted into SC Magazine’s Innovator’s Hall Of Fame.
Core’s most recent product, CORE INSIGHT Enterprise is the outcome of our company’s investments in innovation, combined with the maturing of process and technology that is as predictable as the ceaseless evolution of the cyber-threats that it seeks to address. We’ve discovered a way to completely transform how organizations approach security testing and measurement by augmenting and expanding a time-honored approach proven to deliver highly valuable results that addresses real-world risks to their most critical IT assets. As highlighted in a recent piece about Core and the evolution of the testing market in Dark Reading, and a podcast that I conducted with CSO Magazine, this approach is already resonating with a wide range of different security experts and practitioners, and other companies are sure to try to follow in our footsteps.
Today, with the official availability of CORE INSIGHT Enterprise, the market for security testing and measurement has been redefined. I hope that you’re as excited and energized as we are to see where it goes as a result and of course to find out comes next.