Core Updates Automated Pen Testing

 
 
By Matt Hines  |  Posted 2006-12-18
 
 
 

Automated penetration testing software maker Core Security released the latest version of its flagship product line on Dec. 18, promising new capabilities used to probe IT networks for potential vulnerabilities.

Dubbed Core Impact 6.2, the second of two yearly updates of the software from Boston-based Core promises new tools designed to help administrators test the likelihood that users will cooperate with threats that demand interaction, or so-called social engineering attacks.

The updated product also boasts added authentication controls for security administrators, expanded information gathering features and support for Microsofts newest Internet Explorer 7 Web browser.

Designed to replace pen testing services traditionally provided by external consultants, the Core Impact 6.2 release aims to take the companys client-side security assessment one step further by trying to help enterprises account for the human element.

As so many attacks require user interaction, such as pointing a browser to an infected Web site or opening an e-mail attachment, the software has added new tools that allow administrators to test if specific users are putting their companies at risk.

"Weve seen the trend of attacks moving closer and closer to the end user, and people are being confronted with more variations of these types of attacks every day, some of which are being carried out via legitimate sites like MySpace," said Max Caceres, director of product management at Core Security.

"Companies need the ability to see what is able to get through and adjust their defenses accordingly."

Using the new features, which include specially crafted e-mail messages designed to mimic sophisticated virus and phishing attacks, organizations can identify which types of workers pose the greatest security risk while identifying weak points in their existing network and applications infrastructures.

To help ensure improved security related to the penetration testing process, Core has also added new authentication and encryption features into its software agent. With the ability to run without the installation of additional software on a computer compromised by the scanning agent, the feature allows administrators to configure testing to their liking and prevent the risk of affecting other devices with their penetration attacks.

Other new features include extensions to the softwares Rapid Penetration Test mode, which has been linked to Cores fast port scanning engine for improved network vulnerability discovery.

Phishers attack MySpace with QuickTime exploit worm. Click here to read more.

The combination of the tools allows administrators to scan a wider variety of TCP ports and improve their chances of virus host detection in situations where network filtering is being utilized, the company said.

The products configuration interface has also been consolidated into a centralized set of controls, with the ability for users to make an increased number of global modifications.

At $25,000 for a single license, Core Impact 6 is considered a pricey but effective tool for midsize and large enterprises that require frequent security auditing.

Caceres said that most large companies are doing a better job of identifying and fixing vulnerabilities these days, but that newly-emerging client-side attacks pose an increasingly prevalent threat.

"The client side remain a huge challenge for almost everyone, especially as we see these MySpace-type attacks that wont be caught by traditional filters; the reality is that attackers are still getting control of individual machines, which ends up allowing them to do a lot of damage on the network," Caceres said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.

Rocket Fuel