Abstract
CORE IMPACT Pro is an automated penetration testing product that enables organisations to evaluate the security of their servers, desktop systems, end users’ systems, and Web applications by automating tasks that would traditionally require significant time, effort, and expertise to perform. The solution also tests the security infrastructure’s response to attacks on these vectors. The product is based around a proprietary kernel and Python interpreter which runs a wide range of vulnerability exploit scripts. The tool provides a GUI management console from which IT security personnel can configure, run, and analyse penetration tests. The product allows for automated and manual penetration testing and reporting. The offering utilises Crystal Reports for report generation, and a SQL Server Express internal database for storing test data and results. Butler Group believes that regular penetration testing should form part of an organisation’s IT Governance and Information Security Management control set, and tools such as CORE IMPACT Pro provide organisations with a repeatable and efficient way of conducting regular security reviews. CORE IMPACT Pro should be of interest to all organisations – especially those operating in regulated markets and/or those likely to be targets of cyber attacks.
Key Findings
Strength
- Easy to set up and use, relatively low learning curve.
- Solution sold only to legitimate entities; ships with a digital watermark to avoid misuse.
Information
- The laptop (or desktop) deployment method may prove limiting for distributed IT infrastructures, where a master/slave architecture might work better.
- The product is subscription based, and is regularly updated with vulnerability scripts and system exploits.
Weakness
- The product would benefit from integration with application portfolio management solutions to aid business risk assessment.
- Integration with IT Service Management/ITIL solutions would enhance this product from an IT management perspective.
Look Ahead
The company plans to unveil an enterprise security offering in the first half of 2010, with some enterprise features appearing in the second half of 2009.
Read the full Technology Audit on the Butler Group Web site.