Resources
Case Study

Cigna-HealthSpring

Overview Cigna-HealthSpring chose Core Security to help the organization focus on maintaining compliance with federal regulations such as HIPAA, HITECH and SarbanesOxley while automating the user access process. With Compliance and Access Request, CignaHealthSpring can now: Automate manual user access review processes Easily analyze, review and certify user access enterprise-wide Protect...
IGA
Case Study

Banking Customer

Overview With Core Security, the banking customer: Achieved “go-live” status within five months of project launch Streamlined operational and business processes associated with on-boarding and off-boarding staff Leveraged role-based provisioning to grant employee access by job code Demonstrated policy and regulatory compliance, including recognition by external auditors of adherence to process ...
IGA
Case Study

Auto Parts Manufacturer

Overview With Core Security’s Identity Governance & Administration solution, the customer: Successfully implemented self-service password reset and automated user provisioning within a 6-month, deadline-driven time frame. Achieved automated routine access removal for terminated employees. Improved efficiency and user productivity through elimination of paper form processing. ...
IGA
Security Tips
Blog

Phishing: What Does It Look Like and How to Avoid It

Fri, 05/22/2020
According to the Anti-Phishing Work Group, 1.2 million individual phishing attacks took place in 2016 – a 65% increase from the year before. These attacks have been mentioned across all industries and the most recent Verizon Wireless Data Breach Report states that 95% of phishing attacks that led to a breach were followed by some sort of software installation- usually malware. Phishing is no...
Phishing
Blog

10 Reasons You Should Be Pen Testing

Fri, 05/22/2020
You may know that you need to penetration test your organization for the sake of compliance - but there is more to gain from a pen-test than just adhering to set regulations to avoid a fine. We've compiled a list of reasons to pen-test your infrastructure to help your company operate out of a healthy security posture. 1. Real Work Experience Penetration tests should be done without alerting...
Penetration Testing
Blog

Lessen the Blow of Ransomware or Social Engineering – Phish Your Users

Fri, 05/22/2020
So I know that everyone was worried about WannaCry and the Ransomware epidemic that we just had. Though this type of attack isn’t new, this one particular instance got so much attention because it was such a large attack and affected many in the world. Many organizations immediately started researching with their security vendors how to detect, deter and remediate…Sound familiar? Yeah, that’s Core...
Penetration Testing
Security Tips
Blog

How to Think Like an Attacker: Advice from the (Not So) Dark Side

Fri, 05/22/2020
We spend a lot of time talking around and about bad actors, but what if we sourced them to teach us about this industry instead? We know they exist and we know they’re working towards obtaining the sensitive data on our networks. But how do their minds work and how do they work differently than those on the ethical side of hacking? Let’s look at what sets bad actors apart and how you can leverage...
Penetration Testing
IT Team
Blog

The 4 Questions to Ask Your Security Consultants

Fri, 05/22/2020
While it can be nerve-wracking letting someone into a portion of your organization, look at it as though you are actually taking back control. Enlisting the help of trained and experienced experts is nothing to be ashamed of – if anything, this could be the smartest thing you do for your company. However, before completely letting go of the reigns here are some questions to ask so that you know...
Blog

Before You Download: Penetration Testing Your Applications

Fri, 05/22/2020
Each day we are being inundated with information. This could be in the form of ads, articles or a new tool to use that will surely make our lives easier. While these applications could be very useful to the organization, they could also be the cause of breaches or the unlawful capture of your personal or business information. But there’s a way to ensure the programs you are downloading to your...
Penetration Testing
Blog

Petya - What Really Happened

Fri, 05/22/2020
There has been a lot of information shared this week around the Petya “ransomware” virus. I put this in quotes because, just as with most attacks, once you dive in and get more information you find out that everything is not as it seems. The problem is that with the confusion going on around Petya on Tuesday there was a large amount of misinformation just as with WannaCry. After the dust settled...
Threat Detection
Blog

3 Questions to Ask About Vulnerability Management

Fri, 05/22/2020
Vulnerability management is becoming a standard industry practice and, as such, is included in most regulatory compliance rules as a quick and easy path to threat remediation. However, the reality is that most companies are not actually managing vulnerabilities, but rather conducting scans that produce thousands of potential threats. Identifying possible security risks and actually managing them...
Threat Detection
Blog

How to Build a Red Team

Fri, 05/22/2020
From phishing scams to ransomware, cyber-attacks are growing every day. But something else is growing too – as in the number of Red Teams being built by organizations just like yours. But is a Red Team right for you? Red Teams SANS defines a Red Team as “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data...
Red Team
Blog

New Release - Core Impact 2017 R2

Fri, 05/22/2020
After months of hard work by our outstanding team, I am pleased to announce the release of Core Impact 2017 R2 – the comprehensive software solution for identifying, assessing and testing security vulnerabilities that attackers will exploit. With Core Impact you are able to identify the most pressing cyber risks to your organization by using this tool that enables you to think, and act, like an...
Penetration Testing
Blog

Are you prepared for DFARS?

Fri, 05/22/2020
For several years the Department of Defense (DoD) has been focused on protecting controlled and unclassified information. Seven years ago, around November 2010, the White House issued Executive Order 13556 that established an open and consistent program across all civilian and defense agencies for managing information. The issue this Executive Order was trying to rectify was that departments...
Compliance
Blog

Benefits of Core Impact

Fri, 05/22/2020
It's true - we've had a lot of updates and releases for Core Impact over the past month. From the New Named User Pricing to the continued improvements being shipped to Core Impact and just this past week the new release of Core Impact 2017 R2 - there's been a lot happening. But trust that the product is still the most comprehensive solution for assessing and testing security vulnerabilities within...
Penetration Testing
IT Security
Blog

Healthcare’s Unique Cyber Security Challenges

Fri, 05/22/2020
It’s no secret that healthcare organizations are constantly in the crosshairs of cyber criminals. One of the reasons healthcare records are 30 times more valuable than financial records is because they contain full identity profiles – including your social security number which is the gateway to acquiring any and all of your personal information. According to data gathered by the United States...
Blog

Protecting Your Organization From Phishing Schemes: Tips From the FBI

Fri, 05/22/2020
It’s not just the bad actors that we at Core Security want to protect you from – we also want to protect you from yourself. It’s all hands on deck when it comes to securing your systems and the systems you interact with on a daily basis. Everyone personally has, on average, four devices to keep track of - all with different accounts (or even the same) on each with a plethora of passwords to...
Digital lockpad inside circle
Blog

Why Hacking Your Network Is a Good Idea

Fri, 05/22/2020
The terms “hacking” and “hackers” often get a bad reputation. This tends to have a fairly negative connotation because of the nature these words are often used in. I’d like to think I’m not alone in envisioning some scary guy hanging out in a dark room in a black hoodie trying to break into my bank to steal my credentials or money for that matter. The way we perceive and hear “hacker” in the media...
Penetration Testing