05:52 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
Repost This

CORE Security Announces Major Enhancement To CORE Insight Enterprise Solution

CORE Insight 3.0 delivers multivector vulnerability assessment, asset categorization, threat simulation, penetration testing, and advanced security analytics

Boston, MA – May 15, 2013 – CORE Security®, a leading provider of predictive security intelligence solutions, today announced a major enhancement to its CORE Insight&trade Enterprise solution, with the launch of Insight 3.0. CORE Insight delivers multi-vector vulnerability assessment, asset categorization, threat simulation, penetration testing and advanced security analytics, all in the context of network topography. This unique combination feeds a unified security risk management console that streamlines the entire vulnerability management lifecycle – prioritizing and reducing risk in the context of business, regulatory compliance and operational metrics. Insight also offers improved automation that allows teams to focus on decreasing the costs and complexity of security management across an enterprise.

A recent report from Forrester® Research stated: "To say that the threat landscape is overwhelming is the understatement of the year. Targeted attacks are on the rise with increasing sophistication, and our detection and response capabilities are woefully inadequate. Advanced persistent threats, espionage, spear phishing, and disrupted denial of service attacks dominate the headlines."1 That same report observed: "Managing vulnerabilities and threats is the No. 2 priority for S&R (Security & Risk) professionals, and the changing/evolving nature of threats is the top security challenge organizations face." 2

As the Forrester report suggests, today's attacks on organizations are much more likely to be targeted, stealthy and slow-moving. Vulnerability scanning, virus signatures and firewall rules – even when paired with layered security architectures and consultants to fine tune configurations – rarely close the gap. Business leaders, IT and security stakeholders need to know what's happening, why it's happening and what actions to take. They want a single "view" that provides real-time intelligence into their risk posture.

Insight 3.0 provides advanced capabilities for a variety of requirements. For customers who have found that their current threat and risk management programs have come up short in their ability to identify meaningful IT risk at the decision maker and business level, Core Insight adds Predictive Security Intelligence technology to map a warehouse of security data to actionable risk information. CORE Insight correlates vulnerabilities, network topographies, and cyber-attack expertise to identify high-probability exposures and attack paths to the assets identified as critical--by the company. This unique combination allows security experts to prioritize and remediate the threats that are most likely to compromise critical assets. Using the intelligence that Insight delivers, organizations can focus resources most efficiently on the high-probability threats. Insight's advanced reporting capabilities deliver consistent measurement on operational risk at both the executive and technical levels.

For customers that are looking to consolidate their vulnerability scanning, web scanning, pen testing, and threat/risk analysis programs into a single, unified solution, Insight 3.0's Intelligent Vulnerability Managementcapabilities will help streamline and refine existing vulnerability management processes. Traditional vulnerability management is a cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities. For most organizations this practice produces overwhelming amounts of data that is nearly impossible to prioritize and substantiate effectively, or with any consistency, using existing IT security resources or budgets. This commonly results in gaps that create risk and leave an organization vulnerable to attack.

CORE Insight 3.0 helps to solve this issue by consolidating, analyzing and prioritizing the overwhelming amounts of security data. Insight delivers in-depth analysis of this data to accurately identify attack paths, based on known vulnerabilities and exploits, which can be used to compromise network assets. Insight captures this data to identify the actual vulnerabilities which in turn allows security personnel to remediate the identified network assets far more efficiently. This knowledge allows for better patch management and security resources are used more efficiently and cost-effectively. Insight's reporting dashboard delivers customized reports based on the user's role, executive to technical, and helps to answer the question: "How secure is my organization?"

Insight/Impact Integration

Insight 3.0 also features the full integration of CORE Impact, the industry's leading penetration testing solution. Once an exploit is validated with CORE Insight, threat simulation scenarios can be fed to CORE Impact for targeted, live exploit testing and layered defense investigation. Deeper 'what-if' analysis findings can then be worked back into CORE Insight for risk analysis and modeling, operational qualification and reporting. This integration adds proven Impact functionality to Insight and offers a "closed-loop" process for identifying and remediating exploits.

"With today's constantly-evolving threat landscape, security professionals and business leaders don't need more security-related data, they need more security intelligence applied to that data. While existing vulnerability management solutions have delivered what they can, they fall short when it comes to analytics and intelligence," said Milan Shah, senior vice president of products and engineering at CORE Security. "With the delivery of Insight 3.0, we are providing a solution that streamlines the entire vulnerability management lifecycle –prioritizing and reducing risk in context of business, regulatory compliance and operational metrics that allows different types of users to get the available information they need quickly. The integration of Insight and Impact is also a huge step forward, as CORE and the industry moves to more consolidated solutions to deliver security intelligence."

Availability and Pricing

CORE Insight Enterprise 3.0 is available today and pricing is based on the number of assets scanned.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company's innovative security research center. For more information, visit

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/16/2013 | 2:16:11 PM
re: CORE Security Announces Major Enhancement To CORE Insight Enterprise Solution
You mean Rapid7 and Qualys have been doing for YEARS!? hahah CORE is a joke and a follower.....
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

Best of the Web