Core Insight Enterprise identifies critical systems in the business and runs a series of automated penetration tests to verify security controls.
Core Security Technologies introduced Core Insight
Enterprise, an automated penetration test suite with risk assessment
Like its flagship product Core Impact Pro, Core Insight
Enterprise, released Dec. 13, allows organizations to launch multiple
automated penetration tests to discover vulnerabilities in "critical
campaigns" and "critical assets," Mark Hatton, CEO
of Core Security, told eWEEK.
Like Pro, the security professionals will still be able
to use Insight to test and validate systems, but Insight's chief strength lies
in providing CIOs and other "security operations professionals" who manage
with a dashboardlike view of the organization's "most critical"
systems and data assets, said Hatton.
"Not only do I want to test more systems, I want to
look at all that information and assets in a more proactive way," said
Insight organizes tests in "campaigns," or a
specific systems and data the company wants to protect, such as protecting Social
Security numbers from being leaked, said Hatton. Insight then executes various
penetration tests on the campaign to validate whether or not the system
controls are working and that the data is secure, he said. If a test fails
because it finds a logical path to steal that data, the manager receives that
information in a context that readily allows a risk
, Hatton said.
With Pro, the tester understood the system was
vulnerable, but there was no easy way of understanding "what being able to
attack the system" meant for the enterprise, said Hatton. Insight speeds
up the process of taking the failed test and working back to figure out the
business implications of the failed test, Hatton said.
"For forward-leaning organizations-those that do
internal penetration testing-this is a great way to take advantage of technical
analysis to improve their ability to use, and understand, pen testing data,"
said Paul Proctor, vice president of security and risk management for Gartner.
The test results are displayed in a network diagram that
shows both successful and failed attack paths, Hatton said. Both the CIO
and security team can look at the results and see the path of attack that
compromised the system, all the other systems along the path that were also
compromised and the actual vulnerability.
With Insight, CIOs can see the multiple threat vectors
and potential paths that need to be remediated to fix specific business
"It's what vulnerability management is intended to
do: effectively look at potential vulnerabilities, test and, to the extent they
for you, remediate them in a relatively short period of time,"
The dashboard provides high-level views that provide
up-to-date status for each campaign. If a system vulnerability is affecting a
campaign, the manager can then drill down for more details. There are ways to
view the security health of the organization over time, as well as see the
results of actions taken, such as adding a new system to the network or
applying a patch, said Hatton.
"I know which assets to protect, and I need to focus
on these tasks," said Hatton.
Core Security conducted an alpha test primarily with its
existing customers in June before expanding the tests to include noncustomers
in September, said Hatton. The companies that test drove Insight were from
various industry sectors, including financial services, manufacturing and
retail, he said.
Financial services firms tend to rely on multiple
technologies to help meet compliance requirements, so the ability to integrate
logs and events data from other systems as well as Core Insight was critical,
said Hatton. Core Insight has a series of built-in connectors to common
management products such as patch management and asset management systems, he
Last week, Core announced the latest version of Core
Impact Pro, which now has new capabilities such as the ability to detect and
exploit network router and switch vulnerabilities, import Web vulnerability
scan results, and validate them for exploitability. It also includes new tests
to exploit cross-site scripting vulnerabilities and replicate wireless