Complementing Vulnerability Scans with Real-World Security Testing
To effectively protect your organization's information assets, a vulnerability management strategy must encompass multiple steps - from scanning to remediation:
- Scan network servers, workstations, firewalls, routers and various applications for vulnerabilities.
- Identify which vulnerabilities pose real threats to your network.
- Determine the potential impact of exploited vulnerabilities.
- Prioritize and execute remediation efforts.
Scanning applications can provide a key component to the vulnerability management process by helping you to understand your organization's potential vulnerabilities. Penetration testing with CORE IMPACT builds on this process by identifying which vulnerabilities are real, while determining if and how they can be exploited. This gives you the information you need to intelligently prioritize remediation efforts and effectively allocate security resources.
CORE IMPACT allows you to address each step of the vulnerability management process:
- Safely mimic the actions of hackers and worms to identify vulnerabilities.
- Discern vulnerabilities that pose actual threats to network resources, thereby eliminating false positives.
- Exploit trust relationships between network components to demonstrate actual attack paths.
- Assess the potential risks of specific vulnerabilities to assist with remediation efforts.
- Test the ability of other security investments to detect and prevent attacks.
Ensure Comprehensive Vulnerability Management, with or without a Scanner
CORE IMPACT integrates with the most widely used vulnerability scanners, allowing you to import scan results and run exploits to test identified vulnerabilities. However, you don't need to have a vulnerability scanner to use IMPACT. In the Information Gathering phase, IMPACT will independently identify servers, services, etc., enabling it to intelligently determine the appropriate exploits to run.

