Core Security Offers On-Demand Cloud Security Testing Service For Amazon Web Services

PRESS RELEASE

New York, New York, Cloud Computing Expo – June 6, 2011 – Technologies, a leading provider of security testing and measurement solutions, today added cloud security testing software-as-a-service (SaaS) to its security test and measurement solution portfolio. Available now, Core CloudInspect™ is an automated security testing solution to deliver on-demand, real-world intelligence on the security profile of Amazon Web Services (AWS) customer environments.

Forrester Research believes that, “cloud computing is a sustainable, long-term IT paradigm and the successor to previous mainframe, client/server, and network computing eras,” The Evolution of Cloud Computing Markets, Forrester, July 2010. More specifically in, Security and The Cloud, October 2010, Jonathan Penn, Forrester’s Vice President and Principal Analyst predicts cloud security, “will shift from being an inhibitor to an enabler of cloud services adoption.” He advises, “Tech industry strategists will have the opportunity to differentiate by improving the security and auditability of cloud environments through the development of new security solutions suited to the unique challenges of cloud services.” Core CloudInspect is an innovative example of such a new security solution.

With Core CloudInspect, AWS clients can proactively identify and validate exploitable weaknesses in their cloud-based machine instances and web applications. The service enables AWS administrators and operational security professionals to both evaluate systems in development and conduct repeated testing to reassess live deployments over time.

Delivered via a SaaS model, Core CloudInspect provides automated cloud security testing using safe and proven methods honed for over a decade in Core Security’s CORE IMPACT Pro penetration testing software. The service is backed by Core’s world-class vulnerability research, exploit writing, and application development resources, making Core Security the natural choice as a trusted, independent security testing provider for AWS clients.

“Amazon Web Services believes that security is paramount and that our clients should be able to easily and independently test the security of their AWS deployments,” said Stephen Schmidt, Chief Information Security Officer for Amazon Web Services. “We are pleased that our clients can take advantage of Core CloudInspect for an independent assessment of the security of their AWS-hosted instances and applications against threats.”

How it Works

A completely automated solution, CloudInspect allows users to quickly initiate security tests of multiple AWS-hosted instances and web pages and get back to other tasks. Clients simply log into the Core CloudInspect at www.CoreCloudInspect.com, authenticate their AWS deployment, identify instances and web pages to be assessed, and initiate the test. CloudInspect then automatically tests for exploitable weaknesses and delivers a variety of reports verifying security posture and providing actionable intelligence to help users quickly prioritize and remediate any exposures.

“Having conducted penetration tests on many cloud computing environments and as an early user of Core CloudInspect, I know that AWS clients will benefit from a simple and effective means of testing the security of their cloud-based instances and web applications. Core CloudInspect is an automated testing solution for the cloud that identifies exploitable vulnerabilities in systems and applications while verifying the security of cloud instances. Since cloud computing users should be testing their cloud deployments using the same methods used for on-premise systems and applications, it makes sense that Core, the leader in security testing and measurement solutions, would be the first-to-market with a cloud testing SaaS,” said David Shackleford, Principle, Voodoo Security.

“Sensitive data, company reputation and customer trust can all depend on cloud-based infrastructure as much as they do on in-house IT environments. It’s therefore critical for organizations to proactively validate the security of their cloud-based systems so they can better manage the risks associated with today’s threats,” said Mark Hatton, Core Security President and CEO. “Core CloudInspect enables organizations to easily and affordably verify their cloud security while benefiting from the efficiency and scalability offered by AWS. I’m proud that Core Security pioneered this innovative service.”

About Core Security Technologies

Core Security helps organizations bridge the gap between processing volumes of data and gaining actionable intelligence about proven security exposures. Our security test and measurement solutions empower customers with real-world security intelligence, security controls validation and metrics that allow them to more effectively secure their organizations and manage IT risks.

Core Security’s software solutions are used by more than a thousand commercial and government organizations worldwide. Our products range from desktop software tools for security experts to enterprise-wide automated testing and measurement platforms. All of our products and services are backed by over 15 years of leading-edge research and expertise from the company’s Security Consulting Services, CoreLabs Research and Core Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or online at http://www.coresecurity.com.

Amazon Forward-Looking Statements

This announcement contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Actual results may differ significantly from management's expectations. These forward-looking statements involve risks and uncertainties that include, among others, risks related to competition, management of growth, new products, services and technologies, potential fluctuations in operating results, international expansion, outcomes of legal proceedings and claims, fulfillment center optimization, seasonality, commercial agreements, acquisitions and strategic transactions, foreign exchange rates, system interruption, inventory, government regulation and taxation, payments and fraud. More information about factors that potentially could affect Amazon.com's financial results is included in Amazon.com's filings with the Securities and Exchange Commission, including its most recent Annual Report on Form 10-K and subsequent filings.