Video: Validating Vulnerability Scans with Core Impact


While Core Impact is not a vulnerability scanner, you can import the results from most vulnerability scanners and attempt to validate the scanner’s findings. Impact does this by attempting to exploit the vulnerabilities initially reported by the scanner. Once that’s complete, you will get a report of what Impact was, and was not, able to exploit. Anything that wasn’t exploitable is not considered a real risk in the context of your environment. This can help you focus on the real weaknesses in your environment.

This function of Impact can help speed up remediation by having Impact prioritize the list of vulnerabilities that your scanners are spitting out. Impact can confirm which ones are actually exploitable in your environment, giving you priorities to follow up and act on. This lets you quickly prioritize the weaknesses that pose real risk to your environment rather than just prioritizing by CVSS score and hoping that you can patch all the holes before an attacker finds them.

It’s time to put some context around the vulnerabilities in your infrastructure. Get started with Core Impact.