Core Security Technologies Unveils CORE IMPACT 6 - Providing New Capabilities for Testing Employee Computers Now Being Targeted to Gain Access to Critical Assets.BOSTON -- CORE IMPACT 6 Features Industry-First Framework for Comprehensive Client-Side Penetration Testing A test of a network's vulnerabilities by having an authorized individual actually attempt to break into the network. The tester may undertake several methods, workarounds and "hacks" to gain entry, often initially getting through to one seemingly harmless section, and from there, Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced CORE IMPACT 6, a new edition of the company's flagship software product designed to help companies easily and efficiently test their network security policies. This latest version of CORE IMPACT features a completely new framework to simplify client-side penetration testing. Client-side attacks are used to take control of end-user systems and thereby gain access to key corporate assets. This version also includes the next generation of CORE IMPACT's patent-pending agent technology, expanded support for new target platforms, and new data export capabilities for easily incorporating penetration testing results into other databases or products. "Penetration testing is a critical part of every organization's security process," said Mike Rothman, president and principal analyst of Security Incite. "Given the significant 'innovation' coming out of the hacking community, it's critical that the tools used to perform penetration testing are current and state of the art, simulating new client-side attack vectors and covering prevalent platforms that are increasingly targeted." New Framework for Efficient Client-Side Penetration Testing Client-side applications, such as Web browsers The following is a list of web browsers. Historical Historically important browsers In order of release:
security , including end-user education programs, are protecting them against these new threats. To support these efforts, IMPACT 6 has a completely new framework that has been optimized for testing client-side applications in a simple and efficient manner. Core Security has also updated all of CORE IMPACT's existing client-side exploits to take advantage of the new framework capabilities, which include: --New database entities for managing client-side information-CORE IMPACT's database can now store information related to the client-side aspects of a penetration test, including contacts, email addresses and host information. --Client-side information gathering-IMPACT 6 features new information gathering capabilities to enable users to quickly collect contact and email information utilizing a variety of techniques. --Optimized GUI (Graphical User Interface) A graphics-based user interface that incorporates movable windows, icons and a mouse. The ability to resize application windows and change style and size of fonts are the significant advantages of a GUI vs. a character-based interface. and New Generic View-In addition to IMPACT's existing Visibility View, a new Generic View is now available. This new View includes functionality to search the IMPACT database, and to organize host and contact information into user-created folders, providing quick access to relevant information. --RPT Integration-Ability to leverage IMPACT's unique Rapid Penetration Testing (RPT RPT - Unify. Report Writer Language. ) graphical user interface graphical user interface (GUI) Computer display format that allows the user to select commands, call up files, start programs, and do other routine tasks by using a mouse to point to pictorial symbols (icons) or lists of menu choices on the screen as opposed to having to and methodology once initial client-side attacks are successful. "CORE IMPACT 6 demonstrates once again Core Security's commitment to providing leading-edge capabilities for its customers, helping us to better audit the security of our networks," said Larry Pesce, security director, Care New England New England, name applied to the region comprising six states of the NE United States—Maine, New Hampshire, Vermont, Massachusetts, Rhode Island, and Connecticut. The region is thought to have been so named by Capt. . "Every security threat report I read today talks about the upswing Upswing An upward turn in a security's price after a period of falling prices. in client-side attacks, and now I'll be able to quickly and easily assess this for Care New England and evaluate the effectiveness of our internal education programs." New IMPACT Agent-More Efficient Testing in Less Time This release also features the next generation of the CORE IMPACT agent technology. The new agent complements Core Security's patent-pending Syscall Proxying technology to provide the most robust and flexible penetration testing environment available today. All exploits have been updated to take advantage of the new agent. New functionality provided by this new agent includes: --Multitasking-IMPACT's new agents can run multiple tasks at the same time to increase efficiency and speed penetration tests. --Improved performance when pivoting and chaining-Agents can communicate more efficiently, reducing the amount of network traffic necessary to pivot and to communicate with agents at the end of an agent chain. --Portability-Agents for new platforms can now be easily integrated with the product, enabling continued support and expansion for the most relevant operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. . "The battle to secure enterprise networks is fought on all fronts, and even organizations with the best perimeter security are still open to attacks that exploit client-side vulnerabilities," said Paul Paget, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Core Security. "With CORE IMPACT 6, Core Security is providing companies with a simplified, automated means for evaluating their exposure to this increasingly pervasive threat. As a result, they can better evaluate their security investments and proactively fortify for·ti·fy v. for·ti·fied, for·ti·fy·ing, for·ti·fies v.tr. To make strong, as: a. To strengthen and secure (a position) with fortifications. b. To reinforce by adding material. their defenses." Additional Target Platform Support for Apple OS X Building upon the current available support for Windows, Linux, Solaris and OpenBSD, version 6 of CORE IMPACT now supports testing networks with Apple OS X. To extend the industry's most comprehensive penetration testing platform, Core Security created new enhancements in information gathering, the agent, logging and reporting, user interface and exploit support libraries, including payload (1) Refers to the "actual data" in a packet or file minus all headers attached for transport and minus all descriptive meta-data. In a network packet, headers are appended to the payload for transport and then discarded at their destination. generation. Support for additional target platforms will be available soon and exploits for these platforms will be updated on a regular basis, and coupled with regular IMPACT updates. New Data Export Capabilities to Inform Other Security Products The vulnerability data derived from a penetration test plays an essential role in both the remediation and reporting processes for organizations. CORE IMPACT 6 enables testers to easily inform other network and security resources through new data export capabilities. Detailed information obtained from running IMPACT can now be exported to an external file in XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. format to easily incorporate results from a penetration test into other databases or products. Additional Enhancements to Existing Functionality As a major product release, CORE IMPACT 6 also includes new enhancements throughout the product, including improved Information Gathering, updated integrations with popular vulnerability scanners, and an update to Python Python, in Greek mythology Python, in Greek mythology, a huge serpent. In some myths the infant Apollo slew Python at the oracle of Gaea in Delphi; in others Apollo killed the serpent in order to claim the oracle for himself. 2.4. Additional information can be found at www.coresecurity.com. CORE IMPACT 6 is available now at no additional charge for all existing IMPACT customers with a valid current license. About Core Security Technologies Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product A primary product of a company, which is typically why the company was founded and/or what made it well known. For example, MS-DOS, Windows and the Microsoft Office suite have been flagship products of Microsoft. CorelDRAW is a flagship product of Corel Corporation. , CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Based in Boston, MA and Buenos Aires Buenos Aires (bwā`nəs ī`rēz, âr`ēz, Span. bwā`nōs ī`rās), city and federal district (1991 pop. , Argentina, Core Security Technologies can be reached at 617 399-6980 or on the Web at http://www.coresecurity.com. |
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion