Blog | Core Security

Cyber Security Awareness and Vulnerabilities Blog

Digital lockpad inside circle

The Lifecycle of a Security Event

As a syslog server incessantly pings with every security notification, security teams can feel as though they are drowning in a sea of security warnings. Without a SIEM, it’s difficult to know which events are truly critical and which can be ignored. However, when a SIEM has been implemented, security teams get a much clearer picture of their environment’s security. There could truly be no threats, or multiple incidents may be occurring that simply have not yet affected performance.

The Six Ws of Granular Access Control

Security experts are in general agreement that passwords will simply no longer suffice when it comes to system security. As the numerous breaches within the past years have shown, it is too easy to crack passwords and gain access to all the data across entire systems. So, what can an organization do to better protect its systems? This is where granular access controls, a key feature in certain privileged access management solutions come in. 
Security icons

Open Source SIEM vs. Enterprise-Level SIEM: Which Is Right for You?

Open source SIEM solutions provide basic functionality that can be great for smaller organizations that are just beginning to log and analyze their security event data. But over time, many IT pros find that open source SIEM software is too labor-intensive to be a viable option as the organization grows. In short, many organizations simply outgrow their open source solution.
Digital Key

What Are the Three Most Common Access Risks?

These days it seems like there are security solutions for almost everything except the one thing you can never fully secure: humans. But while you can’t control everything they open or click on, you can control their access to your sensitive data.
Data Security

Are Employees Undermining Your Data Breach Defenses from the Inside?

The annual Verizon Data Breach Report 2018 was released recently, and gives an independent, worldwide view of how market sectors are being attacked, scammed, spied on, and ransomed. 
Man looking at a computer

How to Solve the Top Three Struggles of Identity Governance and Administration

Identity Governance and Administration (IGA) is a complex and growing set of solutions that are put in place to help your organization stay compliant with government or industry regulations and, perhaps more importantly, help secure your organization. However, with every new solution, there are a host of new problems. In working with our IGA customers, we keep seeing certain problems emerge so, in this blog, we will address the top three struggles of an IGA solution that we see most often.
Virus Protection

4 Reasons You Need Native Linux Virus Scanning

In today’s connected environments, Linux IT professionals can no longer claim that viruses are only a Windows threat. The biggest excuse people make for forgoing virus protection is that they scan their client PCs and therefore no virus would make it to the server. However, effective malware defense requires multiple layers. This brings us to the importance of native virus scanning. The following highlights the four main reasons security experts give for using antivirus software that runs natively on your Linux system.

How to Pen-Test with Core Impact

When conducting a penetration test, most testers will develop some type of process, and repeat that same process on every engagement. As I think through the basics of penetration testing, I believe that process can be broken up into six steps. Now, I’m not saying every tester follows every step or performs these steps in this exact order, however, this is a pretty good process to follow. Let’s take a closer look at each step.
Performance gears

Do I Need Identity Governance & Administration (IGA)?

Identity Governance & Administration (IGA) is commonly defined as 'the policy-based centralized orchestration of user identity management and access control.' Identity governance helps support overall IT security and regulatory compliance. Put into simpler terms, IGA means leveraging the most intelligent and efficient path to mitigating identity risk in your business. 
IT Security

Security So Easy, A Sales Guy Can Do It

Much like how I complain that I’m not losing weight - even though my treadmill has become a clothing rack- security only works if you use it. And, yes, I know I picked on the sales guys (and girls) in the title but, your security has to be easy enough to use and understand that anyone in the organization can use it, no matter their level of security training. I have heard multiple reports from our customers in healthcare that have implemented comprehensive and costly software to help keep their PHI data safe on all devices and across all networks. The problem?
IT Security

SAO vs. SIEM: Not Enemies, But a Security Defending Duo

Security Information and Event Management (SIEM) solutions have been with us for more than a decade. Recently, Security Automation and Orchestration (SAO) products have moved into the spotlight, causing many to wonder if the days of SIEM are numbered. However, as both products continue to evolve, it’s becoming clear that it is less a matter of SAO vs. SIEM, but instead SAO and SIEM.
Cloud Security

How SIEM Protects Cloud Servers

IT professionals everywhere are taking a good look at security information and event management (SIEM) applications to help them oversee their vast technology infrastructures. What once were IT stacks housed solely on premises now include increased expansion into cloud repositories, resulting in the prevalence of hybrid approaches. The ability to monitor security across these wide-reaching environments has never been harder—or more paramount.

Introducing Access Assurance Suite 9.1

Today, we are thrilled to announce the next step in our Identity Governance and Administration journey, the release of Core Access Assurance Suite 9.1. While not a major release, AAS 9.1 includes updated UX and UI changes which show our continued commitment to visualizing IGA. The Access Assurance Suite 9.1 release follows a visual-first approach, with a new user interface for managing access and a new menu style which provides more space and clarity.
IT Security

Assess the Effectiveness of Your Security Controls with Penetration Testing

It’s important for all organizations to periodically assess and test security vulnerabilities, to better evaluate risk and be ready to detect, prevent and respond to threats as they happen. Vulnerability assessments, penetration tests and Red Teams help you identify and prioritize security risks, which also improves your overall security posture. Gartner recently released a detailed research report covering the use of penetration testing and Red Teams. The report describes the processes and suggests ways that organizations can use them to reduce risk.

Ransomware Hits the City of Atlanta

On March 22, the city of Atlanta was brought to its knees by a ransomware attack. CNN reported that the malicious incident affected at least five of the city’s municipal departments, effectively locking down key functions for the police, courts, and more. The attackers asked for the $51,000 ransom to be paid in the bitcoin cryptocurrency.

What Tesla’s Cryptojack Attack Means for the Rest of Us

In February, Fortune, Wired, and other media outlets reported that hackers worked their way into automaker Tesla’s Amazon Web Services (AWS®) cloud account to mine for cryptocurrency. These so-called “cryptojacking” attacks are on the rise in concert with escalating cryptocurrency prices, prompting hackers to gain access to company networks to generate these virtual forms of tender.

The Latest Exploits Shipped to Core Impact 18.1

Summary for all of the exploits and updates shipped to Core Impact 18.1 since its release (on Feb 14th): 14 Updates Overall 3 Remote Exploits 5 Client-Side Exploits 3 Local Exploits 3 Product Updates Here is the list of published updates:
Cloud Security

Eight Steps Toward a Secure Hybrid Cloud Environment

Your business may already use an extensive cloud environment—or maybe you’re just evaluating your options for spinning up a single cloud server. Either way, this guide is your sanity check for aligning the security policies in place for your on-premise and cloud technology to protect data (and your company) from internal and external threats. Synchronized policies not only strengthen the security of data, but they also effectively enable your organization to maintain operations and prepare for regulatory audits.
Cloud Security

With Public Cloud OS Instances Growing, Security Challenges Grow, Too

“Some cloud vendors tout that systems deployed within their framework require little or no administration: You create an image with the software and applications that you want it to provide services for, spin it up in a management console, and Voila! you have an entirely new system online; with minimal cost, no hassle, little work. However, even with newer models for virtualization appearing on the horizon, this is not exactly how things are actually used today.”  

Perspectives on the Changing Linux Ecosystem

In the early 1990s the Open Software Foundation formed a committee to select and standardize a new Management Platform Toolset for and from the UNIX ecosystem. After much soul searching over a few months the OSF Management Platform never arrived. One of the committee, from the team that invented The Newcastle Connection (1980s *NIX history, go Google it) made a compelling presentation explaining why they failed. He spent the next 40 minutes wearing two hats, an exquisite red silk Chinese mandarin hat (with feather), and a green canvas guerrilla cap.

Customizable Reports with Core Impact

Today we're sharing how to use the customizable reports functionality available in Core Impact. In order to generate such agents, we'll use the "Network Report Generation" wizard. From the list of available reports, filter for type "spreadsheet" and select "Network Host Report". When clicking on "Duplicate" we'll get the prompt for a new report name. The new report can then be customized by selecting the "Edit" option.

New Release - Core Impact 18.1

It is our mission to continue to produce the most effective and efficient security products and services on the market. Today, I am happy to announce the release of Core Impact 18.1, our market leading penetration testing solution – where we put the focus on enabling user-testing and social engineering.
What is?

Security Answers in Plain English: What is a Man-in-the-Middle Attack?

"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks. What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?" Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a legitimate website so that whatever you do on the legitimate website can be seen and stolen by the attacker who owns the site in the middle. There are two common ways this happens:

Lessons Learned at Gartner Identity and Access Management Summit 2017

More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all areas of security. 

Tips for Success with Access Assurance Suite

So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess the tools you are using to see how you can get more out of them. Today’s post is to share a few tips to help create a better user experience with the product through regular maintenance activities.