Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:35 PM
Dark Reading
Dark Reading
Products and Releases

Core Security Posts Record Growth In Revenues, Sales In Q4

Also added 100 new customers

BOSTON " Jan. 12, 2009 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that it experienced record growth in 2009 highlighted by gains in its annual revenues and continued expansion of its customer base.

Specific milestones achieved by Core during 2009 include:

  • Double-digit revenue growth and record sales in Q4.

  • Addition of 100+ new customers to total over 900.

  • Record renewal rates.

  • Staff expansion to encompass development on three continents plus key executive additions.

  • Release of two major product versions, including the addition of wireless penetration testing.

  • High-profile CoreLabs research reports, advisories and government advocacy.

    Market-Leading Performance

    While many industry watchers suggested that the sluggish worldwide economy would have a negative effect on growth across most IT markets during 2009, Core Security achieved record revenues during the year. Compared to calendar 2008, privately held Core charted a double-digit gain in annual sales, driven by strong demand across major verticals including financial services, government, health care and education. Over the last five years, Core has achieved a compound annual growth rate of just under 50 percent.

    As the market for automated penetration testing solutions expanded rapidly over the last year, Core was consistently recognized by customers and industry analysts alike as the clear leader in terms of product and business maturity. This leadership was also highlighted by awards presented to Core by leading industry publications including SC Magazine (Top 20 Technologies of the Last 20 Years) and Channel Web Magazine (PCI: 20 Hot Compliance Products).

    The company closed 2009 with over 900 customers including over 25 percent of the Fortune 100.

    "Gaining visibility into security readiness continued to be a top-of-mind initiative for organizations in 2009," said Mark Hatton, CEO at Core. "This was evident in our many interactions with IT leaders seeking more effective ways to assess their exposure to IT risks, gauge their regulatory compliance standing, and filter through mountains of security systems and event data. They licensed CORE IMPACT in record numbers to address these challenges."

    Core Security also achieved its highest-ever license renewals during 2009, markedly exceeding industry-standard client retention rates as customers leveraged the benefits of automated penetration testing to expose real-world web application, wireless, client-side, and network threats in their IT infrastructures.

    Global Business Expansion During 2009, Core expanded its product development capabilities to span three continents and benefit from a truly global workforce. In addition to its primary product development team in Buenos Aires, Argentina, Core established development operations in Boston, Mass. and Bangalore, India.

    Core also brought onboard experienced senior executive leadership to help guide both its sales and development efforts, with Steve Pace joining the company as vice president of sales and Milan Shah occupying the newly created role of senior vice president of engineering.

    Consistent Product Advancement

    As scheduled, Core Security produced two new iterations of its CORE IMPACT Pro automated penetration testing solution, adding new levels of breadth and depth while continuing to refine its market-leading user interface and reporting capabilities. Among the most noteworthy expansions of the solution was the addition of wireless penetration testing capabilities fully integrated with its existing network, endpoint, web applications and end-user assessment functions, along with marked extension of the product's web applications testing features. IMPACT Pro's reporting capabilities specifically advanced via the addition of new cross-asset trends and graphical attack path report features, which allow customers to visualize successful avenues of attack against their most critical information assets.

    Core Security also launched another major product initiative in 2009 via the introduction of its User Statistics collection and usage sharing features. IMPACT Pro customers opt-in voluntarily and transmit anonymous testing data (i.e., number and types of exploits run, etc.) back to Core. Participants were able to begin viewing statistics trends drawn from across the customer community directly in the product's dashboard. In addition to providing the company with key usage data to help guide its future exploit and product development, participating customers (over 20 percent of total install base) have responded extremely favorably to the intelligence they have garnered from viewing testing trends across the broader IMPACT Pro user community. In particular, customers have cited the capability to benchmark their security posture both internally and against their peers as being fundamental in setting risk management objectives for the coming year.

    Industry-Leading Research and Government Standards Participation The work of CoreLabs researchers also experienced unparalleled heights during 2009, with experts participating in numerous speaking engagements at leading industry trade shows around the globe and publishing a record number of high-profile vulnerability advisories.

    Among the most noteworthy and highly publicized reports presented by CoreLabs researchers were talks delivered at the CanSecWest, Black Hat USA and OWASP Appsec conferences " detailing pressing issues including the ability to create BIOS-borne root kits; the opportunity to compromise onboard laptop security features to gain remote control of the machines; and new techniques for automatically discovering and exploiting cross-site scripting vulnerabilities in arbitrary web applications. Noteworthy advisories included vulnerabilities discovered in products made by companies including Apple, HP, IBM and Microsoft.

    Core Security also reinforced its commitment to help the U.S. government improve its ability to deal with the worldwide cybercrime epidemic. Core experts testified before the U.S. Senate Homeland Security committee and chaired the Threats Working Group of the CSIS Commission on Cyber Security for the 44th Presidency, which will provide revised recommendations to the Obama administration early in 2010.

    About Core Security Technologies Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company's CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, wireless networks, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
    Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
    Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
    Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
    Cybercrime Groups More Prolific, Focus on Healthcare in 2020
    Robert Lemos, Contributing Writer,  2/22/2021
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    Building the SOC of the Future
    Building the SOC of the Future
    Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2021-03-01
    The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previousl...
    PUBLISHED: 2021-03-01
    When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request...
    PUBLISHED: 2021-03-01
    In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.
    PUBLISHED: 2021-02-27
    SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
    PUBLISHED: 2021-02-27
    An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.