Core Security Core Insight
March 02, 2015
Core Security Technologies
Product: Core Insight
£42,916.36, VM only; £6,502.48 per additional hardware appliance, plus 18 percent (first year).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Prioritisation of vulnerabilities.
- Weaknesses: Pricey.
- Verdict: A bit expensive but very powerful. Recommended.
Core Security's Core Insight is the gold standard for penetration testing and vulnerability assessment. It both scans and pen-tests on its own, but also aggregates data from other sources, like Qualys, Nessus and many others. Its standout features - annual pen-tests, suggested attack paths analysis of pivots, as well as putting pivots in the tested computers themselves - really separate Insight from other products in this category.
Core Security gave us a VM in a test environment. This VM was able to quickly draw up a full network map, so it was easy to familiarise ourselves with a completely new environment. Core Security also gave us some training on the product, which was helpful: the tool has a bit of a learning curve, but it is very easy to use once you have the hang of it.
Insight has excellent permissions control - when creating a campaign, one simply drags and drops the appropriate users. Where Core Insight really delivers bang for your buck, though, is in contextually valuing your security vulnerabilities. Core Insight takes network maps and a long list of vulnerabilities, sometimes thousands, and tells you which ones you absolutely need to fix. In our case, we had narrowed down 12,000 vulnerabilities to about 80 important ones. The tool does this by figuring out which computers can be pivoted off of, and where they can pivot to, favouring the shorter paths to the more critical infrastructure. The time saved by narrowing vulnerabilities down, and doing so intelligently, gives someone a place to start securing the network.
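To make the idea of path-based prioritisation concrete, here is a small added example (not Core Insight's algorithm or code, and not part of the original review). It assumes a simplified model in which an attacker can only step onto a host that has an exploitable finding; the host names, reachability edges and vulnerability IDs are constructed.

```python
from collections import deque

# Constructed sample data: which hosts can reach which (directed edges).
REACH = {
    "internet": ["web01", "mail01"],
    "web01": ["app01"],
    "mail01": ["ws-17"],
    "app01": ["db01"],
    "ws-17": ["fileserver", "app01"],
    "printer": ["ws-17"],
}
# Constructed scanner findings: host -> exploitable vulnerability IDs.
FINDINGS = {
    "web01": ["VULN-A"], "app01": ["VULN-B"], "db01": ["VULN-C"],
    "mail01": ["VULN-D"], "ws-17": ["VULN-E"],
    "fileserver": ["VULN-F"], "printer": ["VULN-G"],
}
CRITICAL = {"db01"}  # assumed business-critical asset

def bfs(graph, sources, passable):
    """Hop counts from sources, stepping only onto hosts in `passable`."""
    dist = {s: 0 for s in sources}
    queue = deque(sources)
    while queue:
        u = queue.popleft()
        for v in graph.get(u, []):
            if v in passable and v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def prioritise(reach, findings, entry, critical):
    """Rank findings that sit on a pivot path from entry to a critical asset."""
    exploitable = {h for h, vulns in findings.items() if vulns}
    from_entry = bfs(reach, [entry], exploitable)
    reverse = {}
    for u, targets in reach.items():
        for v in targets:
            reverse.setdefault(v, []).append(u)
    to_critical = bfs(reverse, sorted(critical & exploitable), exploitable)
    ranked = []
    for host in exploitable:
        if host in from_entry and host in to_critical:
            total = from_entry[host] + to_critical[host]  # shortest path via host
            ranked += [(total, from_entry[host], host, v) for v in findings[host]]
    return sorted(ranked)  # shortest paths to critical assets come first

if __name__ == "__main__":
    for total, hops, host, vuln in prioritise(REACH, FINDINGS, "internet", CRITICAL):
        print(f"{vuln} on {host}: path length {total}, {hops} hop(s) from entry")
```

Findings on hosts that are unreachable from the entry point, or that lead nowhere critical, drop out of the list entirely, which is how thousands of scanner results can shrink to a short fix-first queue.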
Insight includes a manual pen-test mode, for those who would like more than just a few scans. Scanners can pick up false alarms - every one of them does - and nothing tests a vulnerability quite like exploiting it does. Core Insight has a massive database of exploits of its own, as well as support for third-party exploits, all from a web interface. The manual pen-test is as simple as point-and-click; anyone could do it with very little experience. It made pivoting and following the suggested attack paths seem like child's play.
Core Security's Core Insight costs £42,916.36 for the virtual machine with support for 1,000 assets and two remote auditors, and £6,502.48 for each hardware appliance, plus 18 percent on top of that for support for the first year. Support is available 7 a.m. to 7 p.m. five days a week through web, email and phone, as well as a 24/7 forum, and access to private and customer-only web-based training sessions and free upgrades.
Core Insight is the most feature-rich product we've tested. However, it was the most expensive product as well, and is most effective when paired with other vulnerability scanners. That said, Core Insight is worth every penny. It is a premium product with no compromises made, and an absolute pleasure with which to work. It was a clear choice to make this our Recommended product.
Prices are US-based and therefore indicative only.