If you haven’t already heard the news, Courion has acquired Core Security to provide you with robust, enterprise-grade vulnerability and risk management solutions. Together, we can offer you products and services that deliver a continuous and comprehensive view of your entire attack surface.
I asked Ray Suarez, Product Director, and Chris Sullivan, GM-Intelligence/Analytics to talk about the importance of Identity, Governance and Administration and Vulnerability Management. Here’s what they had to say.
Q: Why are Identity, Governance and Administration (IGA) so important?
A: In short, IGA is vital in order to manage the risk associated with any misalignment between users and their access within your organization. You can buzz it up by talking about threat surface and risk, but you are simply protecting card data, IP (your crown jewels), or the ability to prevent unintended transfer of large sums.
Q: Why is Vulnerability Management (VM) essential to information security programs?
A: Vulnerability management gives you visibility into which systems might be vulnerable, so you can focus your remediation efforts. Core’s VM solution helps secure your critical assets by consolidating vulnerability scan data, matching known exploits, and simulating possible, multi-vector real world attacks.
Both the VM and IGA solutions have reporting tools, control processes, and teams to do the work for you. However, attackers don’t separate their actions in this way. Let’s consider the Target breach attack path – remember, it was the HVAC vendor account (IGA)-VPN (VM)-BMC_user1 account (IGA)-C&C server (VM)-payment systems network firewall (VM)-dev, sw distribution, exfil servers (VM) path. Adversaries move quickly between the IGA and VM worlds, hiding in the cracks.
Q: How does Vulnerability Management complement IGA?
A: Courion is an IGA leader, recognized for delivering on the promise of security intelligence. Courion uses graph technology to give you a comprehensive view of your logical access–user–accounts–permissions–sub-permissions–roles and sub-roles and sub-sub-sub, and so on. In a mid-sized organization, this equals billions of changing security permutations. Courion’s analytics enable you to truly understand what’s important, so you know what you are requesting, reviewing, and approving. Core Security has long been the VM market leader, specifically recognized for simulating and validating what an adversary would do to reach your most critical business assets. Core's solutions also use graph technology to give you a comprehensive view of your layered infrastructure, so you are better able to understand what’s critical.
Together, we are working hard to connect the worlds of IGA and VM in order to bring you our combined solutions, domain expertise, and IP.
Welcome to Courion + Core Security, the only information security organization that can enable you to continuously and comprehensively mange access to your critical information and processes.
Contact us if you have any questions, or you can check out the press release to learn more.