Essentials Bundle – Fortra VM and Core Impact

Fortra Vulnerability Management (formerly Frontline VM) and Core Impact offer distinct but complementary approaches to infrastructure security. Fortra VM, a SaaS-based vulnerability management platform, specializes in intelligent network scanning and vulnerability prioritization. Core Impact, an automated penetration testing tool, focuses on simulating the exploitation of vulnerabilities and subsequent lateral movement across different environments, validating the impact of identified vulnerabilities.   

Shared Focus on Risk Mitigation

While Fortra VM and Core Impact address different aspects of cybersecurity assessment, they share a common goal: reducing risk.  This shared focus manifests in several key areas:  

Target Scope  

Both tools let users define and manage the scope of scanning or testing.

  • Fortra VM: Allows users to define scan targets by IP address, hostname, or asset groups, enabling focused scans of specific network segments or systems.  
  • Core Impact: Allows penetration testers to define the scope of their tests by targeting specific systems, networks, or applications based on the objectives of the engagement.  

Prioritization  

  • Fortra VM: Utilizes threat intelligence and proprietary methods to rank vulnerabilities, providing context needed for businesses to establish their own risk appetite.  
  • Core Impact: Employs imported scanner data and exploitation capabilities to determine how much risk vulnerabilities could pose to that specific environment.  

Reporting  

  • Fortra VM: Provides customizable vulnerability and patch management reports with granular filtering for compliance and specific needs.  
  • Core Impact: Tracks and logs all actions taken during a testing session, including actions taken on remote hosts. Automatically generates reports from logged testing activities, detailing actions on target systems.  

Seamlessly Integrating Vulnerability Management and Penetration Testing

Combining vulnerability management and pen testing provides the essentials needed to proactively protect IT environments. This bundled approach offers distinct advantages, including:  

Vulnerability Validation

  • Import Scanner Data: Core Impact can import vulnerability scan data directly from Fortra VM. 

  • One-Step Validation: Core Impact can attempt to exploit imported vulnerabilities through an automated test. 

  • Impact Identification: Successful exploitation will reveal which business-critical assets and data are accessible to threat actors. 

  • Real-World Risk Context: This combined approach provides real-world context for identified vulnerabilities, allowing security teams to understand the actual risk posed to their environment. 

More Product Details

Fortra Vulnerability Management 

Fortra VM offers automated vulnerability scanning and analysis capabilities for network infrastructure. This allows for continuous monitoring as well as the identification, prioritization, and tracking of security weaknesses. 

  • Risk Scoring: Calculates Security GPA based on vulnerability severity impacting asset confidentiality, integrity, and availability. Asset ratings are derived from highest-level vulnerabilities discovered on a given asset. 
  • Active View Dashboard: Aggregates network vulnerability data from past scans for a holistic overview of an environment’s security status. Tracks vulnerability trends, including age and remediation time. 
  • Vulnerability Details: Provides in-depth information on identified vulnerabilities, including proof of existence (instance data), class, severity, and remediation guidance (when available). 
  • Scheduled Scanning: Automates vulnerability scans with user-defined schedules and scan types (application discovery, host discovery, port scanning). Reduces both the time investment and the risk of inconsistencies associated with manual processes. 

 

Core Impact Pen Testing Software 

Core Impact enables security teams to understand the exploitability of vulnerabilities and their potential impact on critical assets to help determine the efficacy of an infrastructure’s security controls. 

  • Automated Testing: Uses Rapid Penetration Tests (RPTs), intuitive wizards that provide step-by-step guidance to help simplify testing, including information gathering, initial attacks, privilege escalation, and vulnerability validation. 
  • Vulnerability Exploitation: Leverages a certified exploit library to simulate real-world attack techniques to assess weaknesses and identify attack paths to critical assets in networks, web applications, endpoints, Wi-Fi, and SCADA systems. 
  • Multi-Vector Testing: Facilitates multi-vector penetration testing, including network exploitation (systems, hosts, devices), web application testing (crawling, pivoting, exploit confirmation), and client-side social engineering (phishing campaigns for credential harvesting). 
  • Remediation Validation: Stores previous testing sessions, which can be quickly and easily rerun in order to validate that remediation efforts, such as new compensating controls, are effective.