05:52 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly

CORE Security Announces Major Enhancement To CORE Insight Enterprise Solution

CORE Insight 3.0 delivers multivector vulnerability assessment, asset categorization, threat simulation, penetration testing, and advanced security analytics

Boston, MA – May 15, 2013 – CORE Security®, a leading provider of predictive security intelligence solutions, today announced a major enhancement to its CORE Insight&trade Enterprise solution, with the launch of Insight 3.0. CORE Insight delivers multi-vector vulnerability assessment, asset categorization, threat simulation, penetration testing and advanced security analytics, all in the context of network topography. This unique combination feeds a unified security risk management console that streamlines the entire vulnerability management lifecycle – prioritizing and reducing risk in the context of business, regulatory compliance and operational metrics. Insight also offers improved automation that allows teams to focus on decreasing the costs and complexity of security management across an enterprise.

A recent report from Forrester® Research stated: "To say that the threat landscape is overwhelming is the understatement of the year. Targeted attacks are on the rise with increasing sophistication, and our detection and response capabilities are woefully inadequate. Advanced persistent threats, espionage, spear phishing, and disrupted denial of service attacks dominate the headlines."1 That same report observed: "Managing vulnerabilities and threats is the No. 2 priority for S&R (Security & Risk) professionals, and the changing/evolving nature of threats is the top security challenge organizations face." 2

As the Forrester report suggests, today's attacks on organizations are much more likely to be targeted, stealthy and slow-moving. Vulnerability scanning, virus signatures and firewall rules – even when paired with layered security architectures and consultants to fine tune configurations – rarely close the gap. Business leaders, IT and security stakeholders need to know what's happening, why it's happening and what actions to take. They want a single "view" that provides real-time intelligence into their risk posture.

Insight 3.0 provides advanced capabilities for a variety of requirements. For customers who have found that their current threat and risk management programs have come up short in their ability to identify meaningful IT risk at the decision maker and business level, Core Insight adds Predictive Security Intelligence technology to map a warehouse of security data to actionable risk information. CORE Insight correlates vulnerabilities, network topographies, and cyber-attack expertise to identify high-probability exposures and attack paths to the assets identified as critical--by the company. This unique combination allows security experts to prioritize and remediate the threats that are most likely to compromise critical assets. Using the intelligence that Insight delivers, organizations can focus resources most efficiently on the high-probability threats. Insight's advanced reporting capabilities deliver consistent measurement on operational risk at both the executive and technical levels.

For customers that are looking to consolidate their vulnerability scanning, web scanning, pen testing, and threat/risk analysis programs into a single, unified solution, Insight 3.0's Intelligent Vulnerability Managementcapabilities will help streamline and refine existing vulnerability management processes. Traditional vulnerability management is a cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities. For most organizations this practice produces overwhelming amounts of data that is nearly impossible to prioritize and substantiate effectively, or with any consistency, using existing IT security resources or budgets. This commonly results in gaps that create risk and leave an organization vulnerable to attack.

CORE Insight 3.0 helps to solve this issue by consolidating, analyzing and prioritizing the overwhelming amounts of security data. Insight delivers in-depth analysis of this data to accurately identify attack paths, based on known vulnerabilities and exploits, which can be used to compromise network assets. Insight captures this data to identify the actual vulnerabilities which in turn allows security personnel to remediate the identified network assets far more efficiently. This knowledge allows for better patch management and security resources are used more efficiently and cost-effectively. Insight's reporting dashboard delivers customized reports based on the user's role, executive to technical, and helps to answer the question: "How secure is my organization?"

Insight/Impact Integration

Insight 3.0 also features the full integration of CORE Impact, the industry's leading penetration testing solution. Once an exploit is validated with CORE Insight, threat simulation scenarios can be fed to CORE Impact for targeted, live exploit testing and layered defense investigation. Deeper 'what-if' analysis findings can then be worked back into CORE Insight for risk analysis and modeling, operational qualification and reporting. This integration adds proven Impact functionality to Insight and offers a "closed-loop" process for identifying and remediating exploits.

"With today's constantly-evolving threat landscape, security professionals and business leaders don't need more security-related data, they need more security intelligence applied to that data. While existing vulnerability management solutions have delivered what they can, they fall short when it comes to analytics and intelligence," said Milan Shah, senior vice president of products and engineering at CORE Security. "With the delivery of Insight 3.0, we are providing a solution that streamlines the entire vulnerability management lifecycle –prioritizing and reducing risk in context of business, regulatory compliance and operational metrics that allows different types of users to get the available information they need quickly. The integration of Insight and Impact is also a huge step forward, as CORE and the industry moves to more consolidated solutions to deliver security intelligence."

Availability and Pricing

CORE Insight Enterprise 3.0 is available today and pricing is based on the number of assets scanned.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company's innovative security research center. For more information, visit

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/16/2013 | 2:16:11 PM
re: CORE Security Announces Major Enhancement To CORE Insight Enterprise Solution
You mean Rapid7 and Qualys have been doing for YEARS!? hahah CORE is a joke and a follower.....
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) or (2) in backends/.

Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.