Industry innovators 2007: Core Security Impact

Share this article:
Core Security Group
Core Security Group
Iconsider the term “ethical hacking” an oxymoron, but it has become a part of the information assurance lexicon whether I agree or not. However, the practical fact is that true penetration testing is not hacking in any form whatever. It is testing. Testing requires rigor, repeatability and structure, none of which is the hallmark of the hacker's trade, ethical or not.

One challenge for commercial pen testers is that to achieve rigor, repeatability and structure a special tool set is required. Too often the tools in that set are a hodge-podge of open source and home brew exploits. Core Security has changed all that with its industry leading penetration tool, Impact.
Impact is structure, rigor and repeatability in a box. The friendly interface speeds the test process, the reports are comprehensive, scripting allows repeatable test suites, and the exploits are being updated constantly. We have used Impact in SC Labs for two years and have found nothing else that even comes close, open source or commercial, for application as a production quality penetration tool.

What makes a single point product innovative? In the case of Impact, it's the vision of the people behind it. Core Security has a dedicated team of threat and vulnerability engineers who look to the present and the future to ensure that the product not only addresses today's vulnerabilities, but also looks ahead to the evolving threat environment.

Core visionaries think in terms of bringing process improvement to pen testing and to the underlying security processes. Core has evolved a consistent framework that is extensible and scalable.
Because Impact is a penetration tool, it is more efficient to first run a scanner and then attempt to exploit the results of the scan. To facilitate that, Impact accepts the results of the Nessus scan as input data. Impact also allows users to develop their own intellectual property in the form of exploit scripts that Impact executes as it would its own.


AT A GLANCE

What it is: Commercial grade penetration testing tool
Vendor: Core Security - www.coresecurity.com
Cost: $30,000
Innovation: An evolving platform for rigorous penetration testing
What we liked: Slick, consistent user interface that speeds the testing process; ability to modify and
add exploits; ability to affect underlying security processes
Share this article:

Sign up to our newsletters

More in Features

Following the framework: Government standards

Following the framework: Government standards

New government standards promise to address risk and improve online security for critical infrastructure, reports Karen Epper Hoffman.

HIPAA shake: Health care

HIPAA shake: Health care

Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.

Affecting the C-suite: The CSO's reputation in today's corporate environment

Affecting the C-suite: The CSO's reputation in today's ...

Those who occupy the C-suite all bow to one corporate god: Reputation, says Blackstone CISO Jay Leek. James Hale reports.