Industry innovators 2007: Core Security Impact

Share this article:
Core Security Group
Core Security Group
Iconsider the term “ethical hacking” an oxymoron, but it has become a part of the information assurance lexicon whether I agree or not. However, the practical fact is that true penetration testing is not hacking in any form whatever. It is testing. Testing requires rigor, repeatability and structure, none of which is the hallmark of the hacker's trade, ethical or not.

One challenge for commercial pen testers is that to achieve rigor, repeatability and structure a special tool set is required. Too often the tools in that set are a hodge-podge of open source and home brew exploits. Core Security has changed all that with its industry leading penetration tool, Impact.
Impact is structure, rigor and repeatability in a box. The friendly interface speeds the test process, the reports are comprehensive, scripting allows repeatable test suites, and the exploits are being updated constantly. We have used Impact in SC Labs for two years and have found nothing else that even comes close, open source or commercial, for application as a production quality penetration tool.

What makes a single point product innovative? In the case of Impact, it's the vision of the people behind it. Core Security has a dedicated team of threat and vulnerability engineers who look to the present and the future to ensure that the product not only addresses today's vulnerabilities, but also looks ahead to the evolving threat environment.

Core visionaries think in terms of bringing process improvement to pen testing and to the underlying security processes. Core has evolved a consistent framework that is extensible and scalable.
Because Impact is a penetration tool, it is more efficient to first run a scanner and then attempt to exploit the results of the scan. To facilitate that, Impact accepts the results of the Nessus scan as input data. Impact also allows users to develop their own intellectual property in the form of exploit scripts that Impact executes as it would its own.


AT A GLANCE

What it is: Commercial grade penetration testing tool
Vendor: Core Security - www.coresecurity.com
Cost: $30,000
Innovation: An evolving platform for rigorous penetration testing
What we liked: Slick, consistent user interface that speeds the testing process; ability to modify and
add exploits; ability to affect underlying security processes
Share this article:

Sign up to our newsletters

More in Features

Know your friends: Partnering with the right allies

Know your friends: Partnering with the right allies

Choosing the right allies to ensure security requirements is a challenge for businesses both large and small, reports James Hale.

Bad reputation: Annual guarding against a data breach survey

Bad reputation: Annual guarding against a data breach ...

Will recent high-profile cyber attacks spur stronger security and improved risk management? The consensus from our data breach survey indicates: Yes, reports Teri Robinson.

Network Rx: Health care security

Network Rx: Health care security

With the addition of 15,000 mobile devices accessing its network, a medical center found assurance - and met compliance mandates, reports Greg Masters.