For those of you who have met me in person at the hundreds (thousands?) of events and conferences that I‘ve attended during my years at Core, you likely already know that my preferred mode of communication is to listen to what others are talking about rather than to try to convince them that my view of the world is “how it is.”
Following suit, in CORE IMPACT Pro v10.5 we‘ve added a number of capabilities that people have specifically told us would be important to them; capabilities that enable them to meet the true promise of IMPACT Pro and allow their organizations to quickly assess the security posture of an environment, and accurately report both their current standing, as well as how that posture may have changed over time.
Of these additions, the functionality that has generated the most excitement is the new integration offered between IMPACT Pro and the Metasploit Framework. Considering that Metasploit has been around almost as long as IMPACT Pro has been available, it’s no surprise that our customers have asked for us to make it easier to use Metasploit alongside IMPACT Pro.
The Meterpreter plugin now allows our customers to easily deploy an IMPACT Pro Agent onto any machine that they have gain access to via Metasploit. And for those customers who simply want to run Metasploit alongside IMPACT Pro, they can now have the Attack and Penetration Wizard call and run Metasploit’s db_autopwn feature directly from our product.
Continuing on that the theme of extending the way that IMPACT Pro interacts with the many other security applications and tools employed by our users is a newly added ability to export our results in Security Content Automation Protocol (SCAP) format.
This standard language for communicating information about a machine – and the actual vulnerabilities present on that machine – allows any system that can report or act on such information to more easily understand the results of an IMPACT Pro test.
Also count among the new methods of exporting data from IMPACT Pro our added delivery of an integration with vulnerability assessment specialist Qualys’ PCI Connect SaaS Platform.
And for our friends who work in the public sector, the change of agent encryption to the AES standard will also prove handy for those specifically bound by FIPS-140.
Supplementing these additions driven directly by my time spent talking to people working to secure their environments or measure the security of their environments are the IMPACT Pro usage stats that a growing number of our customers have chosen to share with us in an anonymous fashion.
By analyzing this data we’re beginning to draw some interesting conclusions about just how people utilize IMPACT Pro and that state of the world as seen by penetration testers using the product.
With IMPACT Pro v10 we began sharing this data back to those customers who are sending their testing information to help them better understand how their testing practices and results stack up compared to the rest of the participating customer community.
With v10.5, we’ve now added the ability for organizations to tell us what industry that they belong to – so now you use this feature to see just how you compare to other IMPACT Pro users from within your specific area of business.
Speaking of community, this month marks the one year anniversary of the formalized Core Customer Community (CCC) program. For those of you who best know Core (and myself), you know that our customers have always been very important to us in terms of driving our overall development plans.
Over the past year we’ve held 19 individual CCC events at which we’ve been able to meet with over 200 users from within more than 130 different customer accounts to talk to them about IMPACT Pro and how it fits into their overall security strategy.
This has pushed us to introduce the over 200 other enhancements arriving in v10.5, including the availability of vulnerability CVSS scores, new e-mail domain and address gathering capabilities from social network sites, more resilient agent “keepalives” and some scheduler improvements – along with countless numbers of other user-driven improvements that we know will help IMPACT Pro provide even more value.
So, can I hear you now? Quite simply, yes, and the proof is in the product, so check it out for yourself and let us know what you think. I for one feel that more than ever this attentiveness shows in what we’ve delivered in IMPACT Pro v10.5, and I look forward to continuing the conversation.
-Alex Horan, Product Management Director