Core Security Technologies Unveils CORE IMPACT 6 - Providing New Capabilities for Testing Employee Computers Now Being Targeted to Gain Access to Critical Assets

Business Wire, August 14, 2006

BOSTON -- CORE IMPACT 6 Features Industry-First Framework for Comprehensive Client-Side Penetration Testing

Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced CORE IMPACT 6, a new edition of the company's flagship software product designed to help companies easily and efficiently test their network security policies. This latest version of CORE IMPACT features a completely new framework to simplify client-side penetration testing. Client-side attacks are used to take control of end-user systems and thereby gain access to key corporate assets. This version also includes the next generation of CORE IMPACT's patent-pending agent technology, expanded support for new target platforms, and new data export capabilities for easily incorporating penetration testing results into other databases or products.

"Penetration testing is a critical part of every organization's security process," said Mike Rothman, president and principal analyst of Security Incite. "Given the significant 'innovation' coming out of the hacking community, it's critical that the tools used to perform penetration testing are current and state of the art, simulating new client-side attack vectors and covering prevalent platforms that are increasingly targeted."

New Framework for Efficient Client-Side Penetration Testing

Client-side applications, such as Web browsers, instant messaging, media players, spreadsheets and word processing software, have become increasingly vulnerable to exploit by malicious attackers who often use social engineering techniques. Because of this, enterprises are recognizing the need to verify that their security measures, including end-user education programs, are protecting them against these new threats. To support these efforts, IMPACT 6 has a completely new framework that has been optimized for testing client-side applications in a simple and efficient manner. Core Security has also updated all of CORE IMPACT's existing client-side exploits to take advantage of the new framework capabilities, which include:

--New database entities for managing client-side information-CORE IMPACT's database can now store information related to the client-side aspects of a penetration test, including contacts, email addresses and host information.

--Client-side information gathering-IMPACT 6 features new information gathering capabilities to enable users to quickly collect contact and email information utilizing a variety of techniques.

--Optimized GUI and New Generic View-In addition to IMPACT's existing Visibility View, a new Generic View is now available. This new View includes functionality to search the IMPACT database, and to organize host and contact information into user-created folders, providing quick access to relevant information.

--RPT Integration-Ability to leverage IMPACT's unique Rapid Penetration Testing (RPT) graphical user interface and methodology once initial client-side attacks are successful.

"CORE IMPACT 6 demonstrates once again Core Security's commitment to providing leading-edge capabilities for its customers, helping us to better audit the security of our networks," said Larry Pesce, security director, Care New England. "Every security threat report I read today talks about the upswing in client-side attacks, and now I'll be able to quickly and easily assess this for Care New England and evaluate the effectiveness of our internal education programs."

New IMPACT Agent-More Efficient Testing in Less Time

This release also features the next generation of the CORE IMPACT agent technology. The new agent complements Core Security's patent-pending Syscall Proxying technology to provide the most robust and flexible penetration testing environment available today. All exploits have been updated to take advantage of the new agent. New functionality provided by this new agent includes:

--Multitasking-IMPACT's new agents can run multiple tasks at the same time to increase efficiency and speed penetration tests.

--Improved performance when pivoting and chaining-Agents can communicate more efficiently, reducing the amount of network traffic necessary to pivot and to communicate with agents at the end of an agent chain.

--Portability-Agents for new platforms can now be easily integrated with the product, enabling continued support and expansion for the most relevant operating systems.

"The battle to secure enterprise networks is fought on all fronts, and even organizations with the best perimeter security are still open to attacks that exploit client-side vulnerabilities," said Paul Paget, CEO of Core Security. "With CORE IMPACT 6, Core Security is providing companies with a simplified, automated means for evaluating their exposure to this increasingly pervasive threat. As a result, they can better evaluate their security investments and proactively fortify their defenses."

Additional Target Platform Support for Apple OS X

Building upon the current available support for Windows, Linux, Solaris and OpenBSD, version 6 of CORE IMPACT now supports testing networks with Apple OS X. To extend the industry's most comprehensive penetration testing platform, Core Security created new enhancements in information gathering, the agent, logging and reporting, user interface and exploit support libraries, including payload generation. Support for additional target platforms will be available soon and exploits for these platforms will be updated on a regular basis, and coupled with regular IMPACT updates.