Core Security Helps Happy State Bank Meet Strict FDIC Regulations; Penetration Testing Proves Effectiveness of Information System Security

Business Wire, Sept 26, 2005

BOSTON -- Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced that Happy State Bank is maintaining Federal Deposit Insurance Corp. (FDIC) security compliance using CORE IMPACT. CORE IMPACT enables network administrators to quickly and easily test the overall health of an institution's IT security measures by performing controlled attacks on their networks. By mimicking the behavior of malicious hackers, worms and viruses, CORE IMPACT reveals exploitable flaws and paths a hacker could use to gain unauthorized access into a network. Happy State Bank, a Texas-based independent financial institution, recently purchased CORE IMPACT to fulfill its security needs.

"Core's penetration testing solution is a crucial tool in our ongoing efforts to meet FDIC requirements," said Happy State Bank Vice President Jason James. "In addition to being able to fully test our network to ensure no vulnerabilities exist that a potential hacker can exploit, the software easily creates reports we can share with our executives and the FDIC to demonstrate our compliance. Core also allows us to test the effectiveness of other third-party security products we employ to ensure our investments are delivering value."

FDIC regulatory language mandates that nationally chartered banks and all banks that are members of the Federal Reserve System must have FDIC insurance to operate. To qualify for FDIC insurance, banks must comply with a number of policies affecting bank operations, including IT. Within the language dictating IT compliance, is the requirement that, "appropriate security controls and risk management techniques must be employed."

To comply with these requirements and take an active role in securing its network, First State bank chose CORE IMPACT. Traditionally, banks have had to employ costly consultants or dedicate in-house resources to the tedious, painstaking process of manually attempting to compromise the network using hacker techniques. CORE IMPACT is the first software to automate this process, significantly reducing the time and effort needed to find vulnerabilities.

"As online data theft increases in scope and sophistication, banks must demonstrate that they are rigorously testing their security to maintain the integrity of their systems," said Paul Paget, chief executive officer at Core Security. "Clearly, penetration analysis and its ability to proactively show network risks helps support the FDIC's IT security requirements, which is why many U.S. banks have become interested in CORE IMPACT. In addition to revealing potential network flaws, the reports IMPACT generates are designed to support internal and external auditing efforts, providing additional value to banking executives."

About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Headquartered in Boston, MA, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.