CORE Impact v12.3 demonstrates how network systems and devices, endpoints, web applications, wireless networks and mobile devices can be compromised by safely replicating a broad range of attacks through an extensive library of more than 2,500 commercial-grade exploits and other attack techniques developed by security researchers at CORE Labs™. Multi-staged attacks leveled by CORE Impact can deftly pivot across systems, devices and applications to reveal how chains of exploitable vulnerabilities and exposures can provide criminals with access to high-value data.
“Having the ability to actually run exploits against vulnerable devices as part of a security assurance process can provide perspective on what is really at risk, versus just theoretically vulnerable. In an integrated scenario a discovered vulnerability can be tested for exploit immediately, to either shorten the window of exposure or provide immediate reassurance,” according to Mike Rothman, President, Securosis in the recent blog post, “Vulnerability Management Evolution: Value-Add Technologies.”
New Desktop and Laptop Computer Testing Features
· Endpoint Assessment with No End-User Involvement
CORE Impact can now assess client-side applications and operating systems within Microsoft® Windows and Apple® Mac OS X-based laptop and desktop computers prior to deployment in live environments. This allows IT professionals to proactively identify and validate client-side vulnerabilities without the need to involve end-users via social engineering.
· Customizable Phishing Email Template Interface
When social engineering tests are required to assess end-user security awareness, CORE Impact 12.3 makes it easier for security professionals to customize email templates to replicate spear phishing attacks specially tailored to target the organization.
New Wireless Network Testing Features
· WPS-Enabled Device Information Gathering
CORE Impact now enables IT security teams to discover and record comprehensive information from deployed laptop and desktop computers including WiFi Protected Setup (WPS), name, model, serial number and manufacturer.
· Man-in-the-Middle (MITM) Wizard
This new feature allows users to create fake access points and perform predefined Man-in-the-Middle (MITM) tests against WiFi clients through high-interaction “honeypots.” Predefined actions can include WiFi client credential collection, redirection of clients to alternate web servers, or injection of exploits or other changes into their Internet traffic.
New Web Application Testing Features
· Certificate-Based Authentication
CORE Impact can now impersonate regular authenticated users of a web application to discover vulnerable areas that could be leveraged to compromise sensitive data and assets.
· Mobile Browser Impersonation
By impersonating mobile browsers, CORE Impact is now able to emulate the mobile experience and find vulnerabilities that are only accessible in mobile versions of web applications.
· Acunetix® Web Scanner integration
Enables users to import and validate Acunetix vulnerability scan results to identify critical, exploitable web application weaknesses. CORE Impact Pro also integrates with HP Web Inspect®, IBM AppScan®, and NTOSpider™ .
New and Enhanced Vulnerability Testing Reports
Provides IT and business executives with a single-page summary of testing activities and results in a visual format to enable them to both interpret and understand the results.
Reflects the completed testing results, details all exploits attempted – not just successful exploits – and provides high-level remediation suggestions.
· Vulnerability Validation
Efficiently validates resource deployment based on both industry and internal priority policies.
· Audit Mitigation
Provides data as to which vulnerabilities need to be patched or mitigated for use and review by internal and external auditor groups.
· Results Assessment
Provides a complete summary of assessment results as required for weekly, monthly or quarterly status updates of work completed.
· Attack Paths
Provides enhanced visual representation of possible attack paths leading to specific devices.
“Today’s threat landscape requires precision in vulnerability assessment and testing in order to provide IT professionals and executives alike with the confidence that their systems are secured against outside attacks and end-user mistakes. With the latest release of the industry-leading CORE Impact solution, IT professionals – for the first time – can perform comprehensive and reliable client-side tests without issuing social engineering tests on their end-user population, which can cause productivity and systems disruption,” said Milan Shah, senior vice president of Products and Engineering at CORE Security.
About CORE Impact Professional
CORE Impact Professional is the first and most comprehensive vulnerability assessment and testing software solution for proactively identifying critical information security exposures. Only CORE Impact empowers IT and security professionals to reveal the implications of Advanced Persistent Threats and other sophisticated attacks that jeopardize their organizations today. Unlike other vulnerability management solutions, CORE Impact provides customers with commercial-grade, multi-vector testing capabilities that safely replicate data breach attempts across network, client, web, mobile, and wireless environments. As a result, security teams gain actionable information for collaborating with compliance and business leaders to proactively prioritize and mitigate risk.
About CORE Security
CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company’s innovative security research center. For more information, visit www.coresecurity.com.