
Emerging CAG Standard Recognises Impact Pro as Valid Tool For Pro-Active Defence

Core Security Technologies : 02 April, 2010  (New Product)
Penetration testing system from Core Security Technologies gains recognition from SANS Institute as meeting requirements for the Consensus Audit Guidelines
Core Security Technologies has announced that Core Impact Pro has become the first solution to gain official recognition from Consensus Audit Guidelines (CAG) co-authors SANS Institute as user approved in addressing the security standard's specific assessment requirements.

Developed by a consortium of influential US government agencies and their private sector partners - including the Department of Defence, Department of Energy, FBI and US-CERT, along with NIST and SANS - the CAG's set of 20 Critical Security Controls recommend cyber-security processes that are tacitly proactive and can "inform defence" of actual attacks that have compromised systems, or those that could transpire to do so.

Impact Pro is currently the only solution listed by SANS as having been confirmed by end user organizations to automate compliance with CAG Control 17, which specifically recommends that organizations conduct penetration tests on a regular basis to identify exploitable vulnerabilities and attack vectors. Impact Pro also allows organizations to validate and prove the effectiveness of many other mandated CAG Controls, including a wide range of defensive mechanisms.

For internal Red Teams, flexible testing capabilities extend from the product's fully-automated RPT (Rapid Penetration Test) to the ability for users to script and save custom exploit code, lending speed and consistency to the work of experienced assessment professionals.

"Leading IT security industry practitioners and policy-makers continue to reinforce that automated penetration testing is one of the most effective methods for identifying and prioritizing real-world risks, as well as testing and benchmarking the efficacy of other mandated security controls," said Mark Hatton, CEO of Core Security. "The fact that we're the only company endorsed by organizations working to comply with the CAG for performing regular internal assessments and validating other required controls speaks to our continued market leadership in this space."

Core Impact Pro allows organizations to directly address CAG Control 17 by:

* Providing the ability to perform ongoing penetration testing of Web applications, network systems, endpoints and email users, and to simulate both external and internal attacks.
* Automating many of the time-consuming tasks involved in manual pen testing and reporting functions, and allowing testers to add, expand and/or customize onboard exploit code via an extensible Python interface.
* Proving weaknesses, possible violations and potential improvements required in many of the other Critical Control areas - including validation of vulnerability scans.

In order to gain approval for SANS' list of "User Vetted Tools" for CAG automation, Core Security was required to furnish a customer-sponsored case study detailing a government organization's use of Impact Pro in meeting the terms of the involved control.

"Organizations need to concede that their defenses cannot stop every attack and instead take the approach of assuming that networks, endpoints and applications have been compromised and will likely be again," said the customer, a senior security engineer with a US government agency. "Penetration testing is highly complementary to scanning and other vulnerability management practices as it allows you to gain insight into which issues truly represent your most important points of exposure in direct relation to real-world attacks."

In addition to meeting the assessment requirements laid out in Critical Control 17, Impact Pro also allows customers to perform consistent periodic validation and testing of other mandated CAG requirements and translate the mountains of information produced by other security and compliance solutions into actionable data that informs remediation.

For example, Impact Pro enables organizations to prove the validity of Applications Software Security mechanisms established in CAG Critical Control 7, which calls for deployment of web application firewalls to inspect all traffic for potential threats including Cross-Site Scripting and SQL injection. Impact Pro allows organizations to proactively assess Web applications and test those firewalls' ability to catch attempted Cross-Site Scripting and SQL injection, as well as buffer overflow and PHP file inclusion attacks.