Core Security, maker of penetration testers used by “red teams” to identify security vulnerabilities, today announced beta availability of a fully automated testing solution with the ability to continuously test and measure the overall security standing of an enterprise.
Focus on data, not hardware
The company claims that the new product, Dubbed CORE INSIGHT Enterprise, represents a whole new class of security testing and measurement solutions. It differs from conventional solutions in that it focuses on data, not hardware. Rather than identifying which servers need to be protected, users begin by defining their sensitive assets (databases housing sensitive information, data formats such as social security numbers, etc.), on a global basis if necessary. CORE INSIGHT then searches the infrastructure for exploitable pathways to that data in real time.
According to CORE, moving the focus from protecting servers to protecting data may also lead to more cost-effective security efforts which more directly address business risks.
Confirmed exploitability
CORE INSIGHT’s approach also differs from conventional approaches in that it actually penetrates vulnerabilities, rather than operating on the basis of simulations or by aggregating historic log data. Demonstrating actual exposures eliminates the potential for false positives and allows organizations to proactively identify available paths to protected information spanning multiple layers of IT infrastructure.
The INSIGHT Enterprise Beta Program is now available to select organizations interested in implementing a prototype version of the security testing and measurement solution in appliance form.
