Core Security Technologies Further Simplifies Client-Side Penetration Testing with Latest Version of Core Impact.
Unveils Increased Customization and Automation for Testing of Defenses; Enhanced Encryption, Authentication and Expanded Platform Support
BOSTON -- Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced CORE IMPACT 6.2, an enhanced edition of the company's flagship software product designed to help companies easily and efficiently test their network security policies. CORE IMPACT 6.2 includes enhancements that enable organizations to more effectively test their security defenses against increasingly prevalent client-side attacks that rely on social engineering, such as spear phishing and e-mails with malicious content. The new version also features enhanced encryption and authentication capabilities to help testers more easily meet secure communication requirements during penetration tests, as well as expanded target platform support for testing networks with AIX™ systems.
"The threat landscape constantly shifts. Currently, the endpoint is the most prevalent target. Existing vulnerability management solutions sometimes find it difficult to keep pace with the mix of technical and nontechnical attack vectors," said Charles Kolodgy, research director, Secure Content and Threat Management program at IDC. "To deal with this situation, customers should consider a solution that offers penetration testing to simulate attackers' technical methods along with an analysis of nontechnical or social engineering threats, as well. This will improve enterprises' ability to assess their real security risks."
According to the latest SANS Top 20 update for 2006, the increase in client-side vulnerabilities continues to gain momentum. The report also points to an increase in the number and severity of user-initiated threats such as phishing and spear phishing, and recommends that organizations undertake "safe phishing" as one of the best methods for averting these types of attacks. CORE IMPACT 6.2 introduces new functionality to make it easier for organizations to accurately assess their vulnerability to client-side attacks and to customize, perform and repeat safe phishing attacks to measure the effectiveness of their security defenses as well as their user security awareness initiatives.
"Businesses are recognizing the severity of client-side attacks and are demanding solutions that help them accurately evaluate their potential exposure," said Paul Paget, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Core Security. "With this release of CORE IMPACT, we continue to respond directly to customer requests for safe, secure technology that enables them to assess the risks they face and determine the effectiveness of their existing security investments and end-user education programs."
E-mail Customization and Automation for Client-Side Exploits That Require Social Engineering--CORE IMPACT 6.2 features new easy-to-use templates that allow security professionals to efficiently and effectively tailor client-side attacks to reflect the latest social engineering attack trends. Because both content and appearance of communications play a key role in establishing trust to solicit recipient action in attacks such as spear phishing and e-mails containing malicious attachments, Core Security has enhanced CORE IMPACT so that e-mails sent as part of a client-side penetration test can now be easily customized via new HTML templates. Penetration testers can also now save and reuse e-mail templates across different tests, as well as take advantage of several different existing templates already built into the product. In addition, testers can now automatically send e-mail to a group of targets, with content personalized with particular information about each specific recipient.
Strong Authentication and Encryption for In-memory Agent--With CORE IMPACT 6.2, Core Security continues to add important capabilities to its unique patent-pending agent technology by providing additional safety mechanisms to improve the security of the penetration testing process. With this release, IMPACT's in-memory agent can now utilize strong authentication and encrypted communications without requiring the installation of any additional software on the compromised computer. This provides additional security while minimizing impact to the tested network. Additional new agent capabilities in CORE IMPACT 6.2 include the ability to run a complete system shell from the in-memory agent, and the option of configuring the agent to survive system restarts in the cases where the penetration test spans multiple days of work.
Increased Target Platform Support--Expanding its current available support for Windows, Linux, Solaris, Mac OS X and OpenBSD, CORE IMPACT 6.2 now supports testing networks with AIX systems. Extending the industry's most comprehensive penetration testing platform required enhancements in information gathering, the agent, logging and reporting, user interface and exploit support libraries, including payload generation. Exploits for all supported platforms are updated on a regular basis corresponding to regular IMPACT updates.
CORE IMPACT 6.2 also features additional new enhancements throughout the product, including:
Enhanced Information Gathering--IMPACT's unique Rapid Penetration Test (RPT) now leverages IMPACT's fast port scanning engine to perform network discovery utilizing a variety of TCP ports, improving the chances of successful host detection in situations where network filtering is in place. In addition, a new UDP service identification capability ensures proper identification of active UDP services during the Information Gathering phase.
Improved Product Configuration--Global network settings in CORE IMPACT are now consolidated into a single section within the Options dialog. Proxy and proxy authentication settings for downloading exploit and module updates can now be configured globally, and can optionally be inherited from Internet Explorer's settings.
Support for Internet Explorer 7--IMPACT 6.2 now supports running on systems with IE 7.
CORE IMPACT 6.2 is available immediately at no additional charge for all existing IMPACT customers with a valid current license.
About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.