February 01, 2006
Core Security TechnologiesProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very easy to use. Scans for vulnerabilities and tries to penetrate the target. Training session offered. Free downloadable updates.
- Weaknesses: Cluttered interface.
- Verdict: Superb pentesting tool going well beyond vulnerability assessment.
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
First, nearly all the tools tested report all the vulnerabilities they find, categorizing them on their importance. But this means the tests take individual vulnerabilities out of context, making it difficult to understand what is and is not really important.
Core Impact, on the other hand, reports only the flaws it is able to exploit (except one extremely detailed report that is more like a very verbose log than a report). In our tests, the product was able to penetrate our Sun Solaris 8 box by exploiting three vulnerabilities. The product is, first and foremost, a penetration testing tool.
We found the documentation very good. It is clear and makes installation and operation of the product smooth. Email support is available, and purchasers receive a free online training session with a member of the support team over the phone. This hour-long session trains the user or administrator in all aspects of the product and it can be scheduled whenever convenient for the user.
Core Impact is very easy to install and you can begin testing quickly. Different panels guide you through all steps from discovery to clean up and reports. Each step has its own wizard and a quick-start guide walks you through each wizard and test. At the end, the report generator puts all the reports together for you based on your choice of options.
We found the product to be fairly flexible with quite a few option configurations and details of attacks with a solid user interface. During scans, event logs and progress information display in the corner of the interface in real time, making it easy to view the status of the test process, but we found this large amount of information cluttered the user interface somewhat.
For organizations that need to be very sure of the security of critical or sensitive systems, Core Impact is a must-have tool and for these organizations we rate Core Inpact as highly recommended.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries
- India Supreme Court calls on tech giants to curb sexual assault, cyber-crime