Penetration testing is a critical practice that helps organizations determine their security posture by uncovering and exploiting security weaknesses, demonstrating how an attacker may breach their IT environment. Oftentimes, independent security firms are brought in to help organizations with these efforts to prioritize security, either by conducting a primary assessment or validating an in-house team’s findings.
For example, Advanced Threat Analysis Inc. (ATA) is a specialized risk management and security consulting company that helps other organizations protect their data and infrastructure with remote and on-site evaluations, focusing primarily on network and web application tests. ATA has customers across industries, including all levels of government.
In business since 2012, ATA has found success in their field by always looking for ways to enhance their pen testing techniques and streamline processes.
As a busy consulting firm with multiple clients, effective time management is vital to the success of the business. ATA needs to be efficient in order to keep up with their workload, and at the same time they also need to conduct effective, reliable tests that provide useful information to their clients.
As a third-party tester, ATA is constantly testing different environments. Much of the time, each new infrastructure requires a number of standard, necessary tests. Such testing is not only repetitive, it’s also quite time consuming when run manually. Given the time constraints of a third-party, it can be challenging to dive deeper and complete more complex tests if so much time has to be spent conducting these routine tests.
Despite using penetration testing tools like Metasploit Pro, Roger Colón, Jr., Chief Information Security Officer for ATA, felt there was still a significant amount of manual effort that was unnecessary and time consuming. This tedious, manual testing decreased efficiency and was difficult to standardize a consistent, simple process that could be easily replicated and completed without constant supervision.
What ATA needed was a tool with automation capabilities that truly sped up the process.
Dissatisfied with their current solution, Colón started to explore his options. He had worked with Core Impact years prior while working for a large federal institution but feared its price tag would put it out the budget range for his growing consulting firm.
When researching different solutions to improve efficiency, Core Impact still came top of mind. Learning of a new Core Impact license and pricing model from Core Security made it a perfect fit for both his needs and budget. “I was looking for automations that could really save time, so Core Impact made sense, as I already knew it was effective. With the changes the company made to make the license options more flexible and accessible, Core Impact was the clear and easy choice.”
Core Impact allows pen testers at ATA to discover, test, and report on any security weaknesses in a fraction of the time. Its Rapid Penetration Tests (RPTs) provide accessible automations designed to optimize the process for network, web application, and client-side testing.
Though ATA only recently installed Core Impact, after a smooth deployment, it’s already being put to good use and saving time. Colón has already taken advantage of its rapid testing capabilities to gather intelligence and exploit vulnerabilities with the aid of Core Impact’s expert validated exploit library. “What takes us three hours to do manually takes ten minutes with an automated tool like Core Impact, so it makes my day easier,” he noted.
In addition to exploring different exploit options for network and web applications, he has also been able to import data from different vulnerability scanners for vulnerability validation. Eventually, he hopes to explore Core Impact’s client-side test, which include tailoring and deploying phishing campaign simulations.
Because of its decision to leverage Core Impact, ATA has been able to standardize and streamline its penetration testing approach, allowing the organization to continue to effectively assess security for their clients with added ease and efficiency.
“What takes us three hours to do manually takes ten minutes with an automated tool like Core Impact, so it makes my day easier."
See Core Impact in Action
Conduct advanced penetration tests with ease and efficiency. See what our powerful penetration testing platform can do by viewing this on-demand demo.