Security Testing Solutions for Government Organizations
Government organizations were among the earliest adopters of IT security testing and have played a highly influential role in developing the practice since its formative years.
Today, more government entities are performing security testing than ever before based on its recognition as a central element of mature IT security programs – and the increasing range of regulations that require agencies to conduct more frequent assessments. For instance, the National Institute of Standards and Technology (NIST) establishes penetration testing as the preferred method of auditing security controls. Furthermore, NIST Special Publication 800-37 states that a well-designed continuous monitoring strategy must also include proactive testing to effectively mitigate risk.
Core Security Technologies is the leading security testing software provider for government organizations. Please review the below resources for more information about how Core Security’s solutions enable federal, state and local agencies to proactively test their resiliency against real-world threats and data theft throughout their diverse environments.
Compliance and Guidelines
- FISMA/NIST:
The NIST Special Publication (SP) 800 documents establish penetration testing as the preferred method for auditing security controls under the Federal Information Systems Management Act (FISMA).
- NIST SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations
- NIST SP 800-39, Revision 1: Guide for Applying the Risk Management Framework to Federal Information Systems
- NIST SP 800-53, Revision 3: Recommended Security Controls for Federal Information Systems and Organizations
- Consensus Audit Guidelines (CAG)
The introduction to the CAG guidelines, first published by training specialists at The SANS Institute in Feb. 2009, specifically cites the need for federal cyber-security controls that are tacitly proactive and can “inform defense” of actual attacks that have compromised systems, or those that could transpire to do so.
- Payment Card Industry (PCI)
The PCI presents a prime target for hackers seeking access to credit card numbers, social security numbers and other consumer information. The PCI Data Security Standard, which requires regular penetration testing, was established to govern all transactions involving cardholder data.
On-Demand Webcasts
Product Demonstrations
- Comprehensive Penetration Testing with CORE IMPACT Pro
View a recorded demonstration of network, endpoint, web application and wireless penetration testing with CORE IMPACT Pro.
- Enterprise Security Testing and Measurement with CORE INSIGHT Enterprise
CORE INSIGHT™ Enterprise is an automated security testing and measurement solution that allows you to continuously and proactively assess the security of your organization's most critical information assets. By traversing exploitable web application, network and client-side weaknesses throughout your enterprise, INSIGHT reveals paths of exposure to specific assets - providing clear, definitive metrics for efficiently validating your security controls and addressing data breach threats.
Analyst Presentations
- Staying Ahead of Threats with John Pescatore
Join distinguished analyst John Pescatore, of leading analyst firm Gartner, for insights into how IT security practices must evolve to mitigate the risks posed by today’s prolific threat environment.
- Building Security Metrics for the Enterprise
Please join us for a highly strategic webcast during which Khalid Kark, Vice President and Principal Analyst at Forrester Research outlines his methodology – informed by hundreds of interviews with leading CISOs – for establishing and trending critical IT security metrics across the enterprise.
- Optimizing Vulnerability Management with Forrester Analyst Chenxi Wang
Please join Core Security Technologies and Chenxi Wang of Forrester Research for a discussion of how proactive identification and validation of known (and unknown) vulnerabilities is helping IT security leaders to keep pace with the evolving threat landscape.
Industry Expert Presentations
- "All Roads Lead to Rome: How Cyber Terrorists are Exploiting Digital America"
A must-listen, on-demand webcast with cutting-edge intelligence from Tom Kellermann, Core Security vice president of security awareness, and an influential member of the government cyber-security and IT risk management community.
- Aligning Your Agency with FISMA and NIST via Proactive Security Testing
IT security and compliance expert Mike Rothman outlines the specific pen testing requirements of NIST SP 800-53a and explains how automated security testing solutions enable government agencies to accelerate their assessments and prove due diligence to third-party FISMA auditors.
Case Studies
- Commonwealth of Pennsylvania Case Study
The Commonwealth of Pennsylvania was very heavily weighted towards implementing technical controls. There really wasn’t any strategy toward vulnerability scanning; pen testing or overarching strategy that risk analysis.
- State of South Carolina CIO Case Study
Without being able to delineate which vulnerabilities posed tangible threats, the agencies often didn’t know how to begin addressing their security problems. While the security team had knowledge and skills that could help, they simply didn’t have the bandwidth necessary to provide widespread remediation services.
- West Point
Educators in the ITOC continually look for new technologies to help them and their students solve new information security challenges. To that end, instructors recently determined they needed a more efficient way of showing students how computer networks are attacked, penetrated and have their resources compromised. Historically, educators had been relegated to using manual, time-consuming, homegrown tools to demonstrate how network information is vulnerable to an attack.
- The Royal Borough of Windsor and Maidenhead
As with most government entities worldwide, Windsor-Maidenhead has added considerable breadth and complexity to its IT systems over the last decade, in particular as it has moved to make many of its public services available to its citizens via Web applications. Through those efforts, Windsor-Maidenhead now supports a number of online transactional systems that allow citizens to pay bills and register for services over the Web, requiring the government to securely handle payment cards and customer account data on many of its sites.
Security Testing Solutions
Backed by Core Security’s ongoing vulnerability research and leading-edge threat expertise, IMPACT Pro allows you to take security testing to the next level by safely replicating a broad range of threats to your organization’s sensitive data and mission-critical infrastructure – providing extensive visibility into the cause, effect and prevention of data breaches.
CORE INSIGHT™ Enterprise is an automated security testing and measurement solution that allows you to continuously and proactively assess the security of your organization’s most critical information assets. By traversing exploitable web application, network and client-side weaknesses throughout your enterprise, INSIGHT reveals paths of exposure to specific assets – providing clear, definitive metrics for efficiently validating your security controls and addressing data breach threats.
Core WebVerify™ automated security testing software provides real-world intelligence on both your organization’s web application exposures and their implications for your broader operations – using the same techniques employed by actual attackers.
Core CloudInspect™ is the first and only automated cloud security testing solution to deliver on-demand intelligence regarding the security readiness of Amazon Web Services (AWS) deployments. With CloudInspect, AWS customers can proactively and safely test the security of their machine instances and web applications against real-world attacks – both to verify their security standing and to identify critical exposures requiring remediation. The service is pre-authorized by Amazon, allowing customers to conduct tests at their convenience and as frequently as they require.














