February 01, 2006
Core Security TechnologiesProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very easy to use. Scans for vulnerabilities and tries to penetrate the target. Training session offered. Free downloadable updates.
- Weaknesses: Cluttered interface.
- Verdict: Superb pentesting tool going well beyond vulnerability assessment.
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
First, nearly all the tools tested report all the vulnerabilities they find, categorizing them on their importance. But this means the tests take individual vulnerabilities out of context, making it difficult to understand what is and is not really important.
Core Impact, on the other hand, reports only the flaws it is able to exploit (except one extremely detailed report that is more like a very verbose log than a report). In our tests, the product was able to penetrate our Sun Solaris 8 box by exploiting three vulnerabilities. The product is, first and foremost, a penetration testing tool.
We found the documentation very good. It is clear and makes installation and operation of the product smooth. Email support is available, and purchasers receive a free online training session with a member of the support team over the phone. This hour-long session trains the user or administrator in all aspects of the product and it can be scheduled whenever convenient for the user.
Core Impact is very easy to install and you can begin testing quickly. Different panels guide you through all steps from discovery to clean up and reports. Each step has its own wizard and a quick-start guide walks you through each wizard and test. At the end, the report generator puts all the reports together for you based on your choice of options.
We found the product to be fairly flexible with quite a few option configurations and details of attacks with a solid user interface. During scans, event logs and progress information display in the corner of the interface in real time, making it easy to view the status of the test process, but we found this large amount of information cluttered the user interface somewhat.
For organizations that need to be very sure of the security of critical or sensitive systems, Core Impact is a must-have tool and for these organizations we rate Core Inpact as highly recommended.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Cybercriminals already able to hack ATM biometric readers
- Education sector bullied by ransomware and can barely defend itself, report
- IoT assault, connected devices increasingly used for DDoS attacks
- OVH suffers massive 1.1Tbps DDoS attack
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- UPDATE: Petya ransomware leverages Dropbox and overwrites hard drives
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- State officials warn Congress: don't damage public confidence in election systems
- 'Lock Down Your Login' campaign urges authentication, furthers CNAP
- RIG EK rigged to steal tricks from Neutrino in fight to fill Angler's void
- SWIFT adds additional protective measures for members to ensure cybersecurity compliance
- 185M incidents bypassed perimeter defenses - report