February 01, 2006
Core Security TechnologiesProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very easy to use. Scans for vulnerabilities and tries to penetrate the target. Training session offered. Free downloadable updates.
- Weaknesses: Cluttered interface.
- Verdict: Superb pentesting tool going well beyond vulnerability assessment.
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
First, nearly all the tools tested report all the vulnerabilities they find, categorizing them on their importance. But this means the tests take individual vulnerabilities out of context, making it difficult to understand what is and is not really important.
Core Impact, on the other hand, reports only the flaws it is able to exploit (except one extremely detailed report that is more like a very verbose log than a report). In our tests, the product was able to penetrate our Sun Solaris 8 box by exploiting three vulnerabilities. The product is, first and foremost, a penetration testing tool.
We found the documentation very good. It is clear and makes installation and operation of the product smooth. Email support is available, and purchasers receive a free online training session with a member of the support team over the phone. This hour-long session trains the user or administrator in all aspects of the product and it can be scheduled whenever convenient for the user.
Core Impact is very easy to install and you can begin testing quickly. Different panels guide you through all steps from discovery to clean up and reports. Each step has its own wizard and a quick-start guide walks you through each wizard and test. At the end, the report generator puts all the reports together for you based on your choice of options.
We found the product to be fairly flexible with quite a few option configurations and details of attacks with a solid user interface. During scans, event logs and progress information display in the corner of the interface in real time, making it easy to view the status of the test process, but we found this large amount of information cluttered the user interface somewhat.
For organizations that need to be very sure of the security of critical or sensitive systems, Core Impact is a must-have tool and for these organizations we rate Core Inpact as highly recommended.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes