Core Security Technologies has announced the release of new enhancements to Core Insight Enterprise. This latest version of Core Security’s breakthrough automated security test and measurement solution features new attack simulation and information gathering capabilities, enhanced integration with popular vulnerability scanners, and automated, customized export of testing results. In combination, these new enhancements empower enterprises to more efficiently and effectively understand, validate, communicate and address real security risks to their organizations.
With CORE INSIGHT, customers can continuously identify and prove real-world exposures to critical assets across the entire organization through automated testing of network systems, web applications, and end users in one completely integrated solution. The solution employs groundbreaking technology that proactively replicates the steps attackers would take to breach valuable information assets. CORE INSIGHT Enterprise v1.3 provides IT security leaders with new simulation and discovery features that make it even easier for organizations to obtain a continuous view of IT security risk. New capabilities include:
* Attack path simulation—Using a patented algorithm, INSIGHT generates a simulation of an enterprise environment and displays all the potential paths that an attacker could take and the exploits that could be used. Armed with this knowledge, users can further refine their testing plans, prior to launching the live test.
* Information gathering—Customers can now leverage INSIGHT to independently perform discovery of systems, hosts, open ports and hardware on the network. This data can then be used and compared to subsequent tests to depict infrastructure changes over time.
“With the latest version of CORE INSIGHT we are delivering the real-world business intelligence enterprises need to identify their risks and make better, more informed decisions when it comes to defending their critical assets,” said Jay Schiavo, director, product management at Core Security. “Combined with new integration, flexible reporting and time-saving features, these enhancements further empower our customers to more efficiently and proactively identify and address data breach threats.”
In addition, CORE INSIGHT v1.3 provides new capabilities to enhance integration with popular vulnerability scanning tools, such as those from Qualys and Nessus, and simplifies and automates frequently performed tasks, including:
* Granular management of connectivity to popular vulnerability scanning products—New centralized management capabilities enable users to select and set their level of connectivity to their preferred vulnerability scanning products.
* Seamless, one-click import of vulnerability scanning results—Users can quickly upload vulnerability scanning results directly into INSIGHT to easily validate them using real-world attack techniques.
* Automated export of INSIGHT testing results—Flexible data export capabilities enable users to easily specify the most relevant testing details and the desired frequency for them to receive customized results.
* LDAP integration—Complementing CORE INSIGHT’s existing integration with Active Directory, this enhancement enables users to import email addresses directly from LDAP for more efficient client-side penetration testing to measure their susceptibility to targeted e-mail based attacks such as spear phishing.
* Campaign cloning—To make the campaign creation process even more efficient, INSIGHT now enables users to save and reuse existing test definitions and campaigns, so the information will be pre-populated in future tests and can be edited as needed.