Core Security Automates End-User Security Testing

The latest version of Core Impact targets security against social engineering attacks.

Core Security Technologies has released a new version of its flagship enterprise security assurance testing tool.

With the tool, dubbed Core Impact v7, the Boston-based company is taking aim at social engineering attacks threatening end users and their applications. The new capabilities include an automated client-side RPT (rapid penetration test) methodology implemented with easy-to-use wizards and a new dashboard that provides a real-time view of the companys most comprehensive, reliable and quality-assured exploit database.

Core Security officials said Core Impact v7 makes it easier for security professionals of all skill levels to safely test their endpoint systems as well as their end users and applications, such as Web browsers, mail readers, instant messaging and media players.

"Most companies have instituted security awareness training programs," said Susan Challenger, vice president of marketing at Core Security. "This gives our customers a way to test how successful those programs [are] and where … they need to have remediation training and make sure their end users are aware of what the bad guys are doing."

Hackers are constantly poking and prodding the security defenses of organizations, and enterprises need to make sure they are ready, said Mike Rothman, an analyst with Security Incite.

Core Impacts agent is deployed on-demand and runs in-memory by default to protect the integrity of the tested system, company officials said. In addition, it also now provides an encrypted and authenticated channel with the testing machine and an extensible plug-in architecture and can be easily configured to persist across system reboots for tests that span multiple days.

Core Impact v7 also features a new dashboard interface with a real-time view of a database of exploits. A new online and offline update notification feature informs users when new exploits and utility modules are available for download for their Core Impact software.

To help organizations more effectively address the PCI standards vulnerability management requirements, Core Security has introduced new reporting capabilities in Core Impact v7 to augment, validate and prioritize results from vulnerability scans performed by Payment Card Industry-approved scanning vendors, company officials said.

Core Impact v7 also includes support for Windows Vista and new backup and restore tools aimed at making it easier to migrate Impact to new operating systems or hardware.

"The weakest link is the end user," said Will Aguilar, senior product manager at Core Security. "What weve done in v7 is really focus on the end-user piece of it."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.