June 01, 2016
Core Security Technologies
Product:
£45,000 for up to 1,000 assets.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Very solid next-generation vulnerability management tool, living up to the Core legacy of leadership in the marketspace.
- Weaknesses: We wish this tool had an integral patch management system or, at least, hooks into popular third-party tools.
- Verdict: This takes vulnerability management into the next generation and combines vulnerability assessment and pen testing along with attack simulation in a single tool.
Core Security is a pioneer in vulnerability management. Since early on, Core has focused on penetration testing with its Core Impact product. Impact is largely a manual system, but does have some good automation. Automation in pen testing is unusual and often is frowned on by hard-core pen testers. To accommodate them, Impact allows manual testing using supplied scripts, writing your own scripts, or modifying their scripts to be a bit more purpose-built for a particular environment. Now, Core has added Insight, a tool with the best of all worlds and, in fact, it includes Impact as part of its pen testing capability.
Insight adds some important capabilities. Put very simply, it automates much of the vulnerability management workflow beginning with asset discovery. This really is a next-generation tool. It takes in network topology based on a database of over 100 routers and firewalls, known exploits and data from other scan engines - should you opt not to use the PCI-approved network and web scanner that comes with the tool. The network topology is based on provided profiles.
We tested Insight against Core's target range of different machines and applications. The results were quite satisfactory. The tool can auto-discover and profile host operating system, host type, open ports, services and interconnectivity to other devices and networks. It knows real-world exploits and matches them against exploits you use against devices in your enterprise. This allows the tool to determine likely attack paths and risk of compromise.
The tool starts by using its vulnerability scan along with other known information about attacks, exploits and vulnerabilities to create a threat model that is used for attack simulation. This goes back to the notion of reachability. By understanding attack paths one can interdict the delivery step of the kill chain and stop the attack from having a significant impact. This also allows exploit validation in the context of the assessment. The modeling process simulates the approach the bad actors would take in one's particular enterprise. This gives the entire vulnerability management process a real-world flavour rather than a lab exercise.
Finally, one can use Impact - included now as part of Insight - to validate exploits found by the scanner and simulation. This, by the way, is not the sort of scanner one may be used to. Rather than let admins perform the scans, it does that for the user based on intelligence it gathers both on the enterprise and externally. Using its Attack Intelligence Platform, Insight calculates attack paths, probable exploits and other things that an attacker attempting to breach an enterprise would take into account and runs the simulation. One can use that to perform actual exploits much as the attacker would perform them.
Reporting is excellent and, while remediation is manual by IT staff, the reports are detailed enough to facilitate rapid and effective remediation. Documentation is exactly what one would expect from Core and virtually all of it is available from the help right at one's fingertips. The website is complete with lots of support resources, both before and after purchase of the product. Of particular interest to us is the exploit database. While it is true that this replicates the exploits available on Core tools, it also is an excellent reference.
At £45 per asset at 1,000 assets, Insight is a bit on the high side. However, this is an (almost) full-featured vulnerability management tool. From a functionality perspective, we wish that Core had taken that last step to stitch in either integrated patch management or hooks into popular third-party patch management tools. Other than that, we were quite impressed by Core's latest offering.