Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
First, nearly all the tools tested report all the vulnerabilities they find, categorizing them on their importance. But this means the tests take individual vulnerabilities out of context, making it difficult to understand what is and is not really important.
Core Impact, on the other hand, reports only the flaws it is able to exploit (except one extremely detailed report that is more like a very verbose log than a report). In our tests, the product was able to penetrate our Sun Solaris 8 box by exploiting three vulnerabilities. The product is, first and foremost, a penetration testing tool.
We found the documentation very good. It is clear and makes installation and operation of the product smooth. Email support is available, and purchasers receive a free online training session with a member of the support team over the phone. This hour-long session trains the user or administrator in all aspects of the product and it can be scheduled whenever convenient for the user.
Core Impact is very easy to install and you can begin testing quickly. Different panels guide you through all steps from discovery to clean up and reports. Each step has its own wizard and a quick-start guide walks you through each wizard and test. At the end, the report generator puts all the reports together for you based on your choice of options.
We found the product to be fairly flexible with quite a few option configurations and details of attacks with a solid user interface. During scans, event logs and progress information display in the corner of the interface in real time, making it easy to view the status of the test process, but we found this large amount of information cluttered the user interface somewhat.
For organizations that need to be very sure of the security of critical or sensitive systems, Core Impact is a must-have tool and for these organizations we rate Core Inpact as highly recommended.