An Enterprising Future for Penetration Testing

October 14, 2009

When you speak to many security solutions vendors these days it quickly becomes clear how hard many of their executives and marketing teams still have to work to draw a straight line from the individual processes that their products promise to address to helping customers derive any big picture results that will truly help them manage their overall IT risk.

Here at Core Security, we’ve never really struggled with that problem, as automated penetration testing provides such clear insight into the widespread vulnerabilities that leave organizations exposed to real-world attacks every day.

But considering the future of our company and the next-generation products that we’re starting to build, framing the message about the overall value that we offer to organizations in helping them address their most pressing IT challenges is only becoming more succinct.

core_icon_red1Years ago, before pen testing had become the mainstream operational security practice that it is today, perhaps there was a greater need to explain to people how the time-consuming manual processes that we automate in our CORE IMPACT products help our customers to appreciate immense strategic and systematic security improvements.  

However, as electronic threats have continued to proliferate and forced people to rethink reactive security models, our value proposition – built on allowing organizations to rapidly determine their greatest points of exposure to many types of cyber-threats – has only grown increasingly clear.

Our next step – building enterprise security testing solutions that empower organizations to isolate, test and measure their IT vulnerabilities across an even broader set of IT assets, in an even more automated fashion, using the same penetration testing engine on which our current solutions are built – makes even more sense when you think about it.

Practical Management of IT Risk

Today, companies are telling us that there are literally drowning in the sheer volume of data generated by their security point technologies, including everything from IDS/IPS and firewalls, straight through to network and applications vulnerability scanners.

Meanwhile, existing security management technologies have proven useful in terms of helping organizations aggregate and filter security system and event data, but they fail to empower enterprises with the ability to broadly assess their exposure to attacks and make more informed decisions in a timely and cost efficient manner.

There’s no current solution on the market today that allows organizations to monitor, manage, measure and control their existing security standing in a top down manner, specifically in relation to real-world hacking and malware assaults. Based on this reality, organizations are telling us that they’re still struggling to understand if their state of security is actually improving, despite all the investments that they continue to make.

That ability to understand and manage IT risk at a higher level is exactly what Core’s next-generation enterprise security testing solutions will provide.

Organizations need a way to gauge their overall exposure to real-world threats that enables them to identify, test and then move to remediate vulnerabilities, then go back and retest those same issues to understand if they’re making real progress and maintain a consistent view into patterns of IT security risk.

This isn’t just about automating penetration testing – it’s about building a platform that brings together disparate streams of security data from the products that I’ve already mentioned, and many more, and tests against those results, reporting conclusions in a manner that allows organizations to know where their investments are paying off and where their biggest real-world exposures still exist.

For over a decade, Core Security has been proving the mettle of automated penetration testing in delivering these types of results on an operational IT security level. Our enterprise security testing solutions will empower organizations to gain a similar fix on their biggest security issues on a far broader and more comprehensive scale.

These solutions will directly address the most significant challenge facing most organizations today – sifting through all of their IT security data to isolate their real-world vulnerabilities and measure how well they’re performing in improving their standing over time.

That’s a big deal, and a logical next step in evolving our products; and we know that’s the case because it’s what our largest and most influential customers are telling us.

-Mark Hatton, President and CEO

 

.

  • Penetration testing

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!