February 01, 2006
Core Security TechnologiesProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very easy to use. Scans for vulnerabilities and tries to penetrate the target. Training session offered. Free downloadable updates.
- Weaknesses: Cluttered interface.
- Verdict: Superb pentesting tool going well beyond vulnerability assessment.
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
First, nearly all the tools tested report all the vulnerabilities they find, categorizing them on their importance. But this means the tests take individual vulnerabilities out of context, making it difficult to understand what is and is not really important.
Core Impact, on the other hand, reports only the flaws it is able to exploit (except one extremely detailed report that is more like a very verbose log than a report). In our tests, the product was able to penetrate our Sun Solaris 8 box by exploiting three vulnerabilities. The product is, first and foremost, a penetration testing tool.
We found the documentation very good. It is clear and makes installation and operation of the product smooth. Email support is available, and purchasers receive a free online training session with a member of the support team over the phone. This hour-long session trains the user or administrator in all aspects of the product and it can be scheduled whenever convenient for the user.
Core Impact is very easy to install and you can begin testing quickly. Different panels guide you through all steps from discovery to clean up and reports. Each step has its own wizard and a quick-start guide walks you through each wizard and test. At the end, the report generator puts all the reports together for you based on your choice of options.
We found the product to be fairly flexible with quite a few option configurations and details of attacks with a solid user interface. During scans, event logs and progress information display in the corner of the interface in real time, making it easy to view the status of the test process, but we found this large amount of information cluttered the user interface somewhat.
For organizations that need to be very sure of the security of critical or sensitive systems, Core Impact is a must-have tool and for these organizations we rate Core Inpact as highly recommended.
Sign up to our newsletters
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards
- The Internet of Things (IoT) will fail if security has no context
- Regin: nation-state possibly behind the stealthy modular spying malware
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Syrian Electronic Army redirects Gigya, briefly compromises media sites on Thanksgiving Day
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say