
Security testing for identifying critical vulnerabilities

Core Security Technologies : 25 November, 2008  (New Product)
Impact Pro 7.6 delivers unprecedented security testing for the identification of vulnerabilities and achieving PCI compliance
Core Security Technologies have announced a significant milestone, delivering version 7.6 of its flagship product, Impact Pro, as well as its newest offering, Core Impact Essential, to the EU market. Both solutions enable enterprises to rapidly assess their information security posture and ensure that they maintain compliance with the Payment Card Industry (PCI) Data Security Standard (DSS).
In addition to providing customers with the most effective manner of identifying and prioritising their most significant security vulnerabilities, the Core Impact product family allows organisations to meet the strict testing measures established in PCI Requirement 11.3 and further clarified in version 1.2 of the DSS, which the PCI Council officially put into effect on 1 Oct., 2008.

The PCI 1.2 standard specifically states in Requirement 11.3 that companies must "run internal and external network penetration tests at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades)."

PCI officials have also further endorsed the use of comprehensive testing solutions including Impact Pro as an acceptable form of testing to provide to certified PCI compliance auditors. Additionally, Impact Pro allows organisations to validate the efficacy of other security controls required under PCI DSS, including the capabilities of IDS/IPS, anti-virus and web application firewalls to prevent attacks that can circumvent defensive mechanisms and go after protected payment card data.

The direct applicability of Core Impact solutions to the PCI DSS standard has become a major driver behind the rapid adoption of Core Impact Pro by large enterprises, Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV) alike, all of whom use the solution to regularly test their security systems and processes, or those of their customers.

"The specific requirements of PCI have placed penetration testing and vulnerability assessments front and centre on the agenda of many organisations that had previously overlooked this vital security procedure," said Fred Pinkett, vice president of product management at Core Security Technologies. "Impact Pro also includes PCI-specific reporting functionality to help customers automate testing and quickly prioritise any remediation work needed to maintain compliance with the standard."

In a recent webcast hosted by Core Security, Bob Russo, general manager of the PCI Security Standards Council, reaffirmed that internal use of a penetration testing software solution such as Impact meets the specific testing guidelines of DSS and confirmed that reports produced by such technologies will be accepted by certified auditors as proof of compliance with that portion of the mandate. The statement refutes some existing market misconceptions that DSS requires third-party penetration testing.

Russo also submitted that regular use of such a security testing solution should be considered an important mechanism in maintaining PCI compliance over time, and a vital element of any organisation's fundamental security practices.

Existing Impact Pro users have recognised that the solution is extremely strategic in both meeting PCI compliance goals and improving their overall security posture. As a result of bringing Core Impact testing capabilities in-house, many of these organisations have also directly reduced the number of third-party consulting engagements they enlist to conduct security assessments each year, or have begun sharing Impact testing results directly with their service providers to maximise the value delivered via those efforts.

"Whilst it's nice to know that we're compliant with regulations, it's much more important for us to deliver on our promise to ensure information security for our customers," said Matt Hobbs, chief architect and security officer for U.K.-based travel services provider. "By deploying Core Impact we are now able to test our infrastructure for vulnerabilities as part of our routine security practice which also allows us to simultaneously meet many of our obligations to regularly test security systems and processes."