Core Security Technologies: Corporate Overview
Mark Hatton, President and CEO
- CONFIDENTIAL -
Core Security Technologies Today
Who we are... and what makes us so relevant...
- Leading provider of commercial penetration testing software
  - 950+ CORE IMPACT Pro customers
  - Dozens of awards from press and test labs
  - Segment leadership recognized by analysts and market watchers
- Diverse, highly accomplished organization
  - ~180 employees (55 Boston, 110 Buenos Aires, 15 India)
  - Highly experienced management team (fmr. Sophos, CA, SYMC)
  - Professional product/exploit development ops
  - 5 patents approved, 7 applications pending
- Groundbreaking threat research
  - Leading-edge consulting services history
  - CoreLabs vulnerability research team
  - High-profile research community involvement
Customer Sampling
Serving a cross-section of industry leaders
- 2 of 3 top Banks*
- 2 of 3 top Retailers*
- 2 of 3 top Telecoms*
- 9 of 12 US Federal Civilian Agencies
- Leaders in Healthcare & Entertainment
* According to F1000 rank
Our Product Today: Core Impact Professional
Software solution that automates penetration testing of:
- Networks
- Web Applications
- Clients & Endpoints
- Wireless
- Weaknesses and seams between all of the above
Users/Target Market
- Professional security testers
- Red Teams
- Operational Security Managers
- Vulnerability Management Managers
- Visionary CISOs ...
Why?
- More efficiently conduct penetration testing and red teaming
- Conduct multi-layer testing of defenses and security investments
- Test the seams between defensive layers
- Prioritize and inform remediation
- Meet PCI/FISMA compliance testing requirements
- Test, report, repeat, measure and benchmark
Test the Layers and the Seams
[Diagram: Application Layer, Host / OS Layer and Network Layer. Elements shown: Email, Spreadsheet, Browser, App Scanners, Customer Data, Employee Records, Network Devices A, B and C, SIEM, GRC, App Config Auditing, System Auditing, Config Reporting, Vuln Scanning; roles: CISO, ITSec Operations.]
Security Depth and Breadth
[Roadmap diagram, 2008 to 2012, with BREADTH and DEPTH axes and a legend of Established / Recent / Future. Capability areas and labels shown: Info Gathering; Post-Exploitation; Evasion (IDS/IPS, WAF, ongoing research for new techniques); Web (HTML, XSS 2.0 / RIA, RFI & SQLi, Blind SQLi, Postgres, OWASP adds, DB2, Other; data via Web, DB data files, agent via SQLi, agent direct); Client-Side Exploit (Phish, Email/USB, 15+ client exploits / month); Wireless (WEP & WPA, APs, Handheld); Network Devices (vulnerabilities, agent on NDs); Database (vulnerabilities, asymmetric dictionary attack); Application; Server-Side (OS, Apps, Windows 7, 5+ server exploits / month, ongoing with exploits); Embedded Agents (Disconnected, Reflective, Post Persistent (in research)). Several items are marked "Currently in research".]
What Sets Us Apart
Real-world:
- Proactive testing (in a safe and controlled manner) proves the existence of your most critical security exposures
- Enables customers to identify and validate the complex paths of security exposures that jeopardize specific, critical information assets within the organization
Comprehensive:
- Integration across the organization's IT infrastructure: web, network and endpoint systems, end users and wireless networks
- Stay ahead of the constantly changing mix of vulnerabilities and attack techniques
Validation:
- Rather than hypothesizing, providing volumes of data or modeling, we provide demonstrable proof of which information assets are exposed and how the exposure could occur
- This is the most realistic approach for ensuring that required security controls are in place and working effectively
Market Differentiation
- Scanning (web and/or network) products identify potential weaknesses
  - Data overload including false positives/negatives – not the most critical threats
  - Does not prove exploitability; limited-view point solution, single vector
- IT-GRC gathers information to aggregate and report
  - Mostly used for higher-level policy and governance, with little "R"
- SIEM aggregates real data, with dashboarding, drill-down, etc.
  - SIM/SEM correlates and presents what has happened (via alert), but doesn't tell you if your defenses are working
  - Operational data, not situational: just incidents or log data from past events
- Security Risk Mgmt is a simulator/model
  - Correlates scanned, imported and entered data to infer the highest-risk vulnerabilities; doesn't do actual testing
  - Network only, and works on models vs. a real test of the security
- DLP detects and prevents transmission of confidential information
To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!
Security Market – The Game is Changing
- Security professionals manage a complex, evolving threat environment
  - Increasing expectations to contribute to the fulfillment of business goals, including:
    - Strategic mandates related to compliance, business continuity and risk management
    - Obligations to prove the efficacy of security controls to boards and business stakeholders
    - Shift in the board room and management to focus on reputational risk
  - Malware growth and cyber security attacks continue to grow exponentially
  - Jump in demand for "business analysts" who embed with business units to keep risk mgmt practices integrated into business processes
- Access to resources (bodies and dollars) is challenging
  - Management of logs and event correlation is challenging
  - Increasing number of applications (point solutions) generating alerts and logs – firewall, intrusion detection systems, email/web content, anti-virus, DLP, etc.
- Mandates for security assessment and assurance continue to emerge ...
  - Legislative, industry and internal regulations: PCI, HIPAA, FISMA/NIST, CAG, multiple pieces of pending U.S. government legislation
  - Demand for due diligence by customers, investors and other stakeholders
  - Requires ongoing measurement, benchmarking and reporting of security posture
Security Market Trends – Current View
[Market map diagram. Category boxes: Endpoint Suites; Network UTM; Application Security; Vulnerability Management; [Other Point Products] (Product A, Product B, Product C); Security Incident and Event Management (Alerts, Log Mgt, Event Correlation, Compliance Certification); Governance, Risk and Compliance (User Policy Compliance, Compliance Workflow and Reporting, Remediation Workflow and Reporting). Product labels shown: Anti-Virus, HIPS, Local Firewall, NAC, Patch Management, Endpoint DLP, Firewall, IDS, AV Gateway, Full Disk Encryption, Anti-Spam, Net DLP, DB Encryption, IAM / Single Sign-On, URL Filter, DAM, Vulnerability Scanning, Web App Scanning, Code Scanning, WAF, Penetration Testing, DB Scanning, Config Audit.]
Security Market Trends – Future View
[Same market map as the current view, with two additions: a layer of IT Security Management Vendors (IBM, HP, Cisco, Computer Associates, Symantec, McAfee), and a Comprehensive Security Test and Measurement category whose purpose is to Verify and Validate Security Controls, Measure Real-world Threat Readiness, and Measure Security Effectiveness.]
Our Future Product – Core Insight Enterprise
Why:
- Pen testing is established as a standard process for security validation
- Orgs without internal expertise need to validate spending and controls while decreasing the cost of vulnerability management
- Pro is designed for the individual user
What (it is):
- Enterprise Test & Measurement Solution
- Continuously, proactively validate controls
- Evaluate exposure to real-world threats
- Transform vulnerability management
Needs Addressed:
- Answer the question "are we more secure today than we were yesterday?"
- Trend, delta and visual attack path information to allow benchmarking of security posture over time
- Validation of security standing, compliance, risk and security controls
IMPACT Pro Compared to Insight
Two Very Different Products for Two Very Different Audiences
User
- CORE IMPACT Pro: professional pen testers (internal and external consultants); Red and Blue teams; IT with security responsibilities
- Core Enterprise: CISOs/IT management; risk management; IT development; IT audit
Consumer of Output
- CORE IMPACT Pro: internal departments; operational security; administrative & compliance management
- Core Enterprise: executive leadership; business and IT management; risk management
Characteristics
- CORE IMPACT Pro: software, Windows-based; surgical focus, granular control; in-depth testing across networks, web apps, clients, end users, WiFi; ability to pivot across multiple vulnerable systems and layers; targeted reporting including remediation recommendations
- Core Enterprise: appliance or software, Linux; continuous, automated security testing; leverages asset-driven attack planning to calculate risk; role based; no internal expertise required
Goal of Test
- CORE IMPACT Pro: demonstrate exploitability
- Core Enterprise: reveal what business-critical data is exposed, in your own business terms
Value Proposition
- CORE IMPACT Pro: test select IT assets against real-world attack techniques to identify exploitable vulnerabilities
- Core Enterprise: benchmark and measure posture over time, calculate real-world risk, and validate mandated security controls
Benefits of Core Insight Enterprise
Get out in front of security threats...
- Empower executive leadership with decision-making metrics
  - Trend data to answer "the" question: "are we more or less secure than we were yesterday?"
  - Benchmark and validate the effectiveness of security projects and controls
- Map IT / technical exposures to their actual effect on the business
  - Gain actionable information about the underlying business implications of exposures
- Continuously monitor your IT infrastructure for changes in posture
  - Proactively test and measure security status across Web, Network and Clients
  - Manage data from disparate security technologies to chart exposures
  - Regularly assess the impact of emerging threats to your organization
- Prepare more effectively for audits (compliance) with repeatable pre-audit testing
- Provide expanded testing services to development and IT groups
- Increase internal assessment capabilities without increasing headcount
Controls Verification and Effectiveness
[Matrix of the 20 CAG controls (plus PCI 11.3) against typical products and Core's Test & Measurement offering; each cell is marked with one of the legend values CAG Test Now, CAG Test Future, General Test Now, or Never.]
CAG controls listed: SW Inventory and Whitelists; Secure Configurations; Secure Config of Network Devices; Maintain and Monitor Audit Logs; HW Inventory; Boundary Defense; Control Admin Privileges; Control Access; Vuln Assessment and Remediation; Application Software Security; Malware Defenses; Wireless Device Control; Data Loss Prevention; Secure Network Engineering; Network Ports and Protocols; Penetration Testing; Data Recovery; Account Monitor and Control; Skills Assessment/Training; Incident Response.
Typical products named: nCircle IP360, Gideon SecureFusion, Bit9, Nessus, eEye Retina, nCircle, Red Seal, Skybox, Athena Security FirePac, Secure Passage, FireMon, ArcSight, Splunk, Intellitactics, Cenzic Hailstorm, MS Active Directory, Forescout CounterACT, Qualys, McAfee, Rapid7, MS SMS, Security Blanket, Blink, nCircle CCM, RSA DLP.
The Innovation Behind Core Enterprise
Step 1: Environment Profiling
- Provide the layout of your IT assets, including network, applications and/or end users, or let Enterprise discover them independently
- Import data from vulnerability and/or web scanners
Step 2: Goal Definition
- Define the goal of each Enterprise assessment campaign (e.g., being able to access pre-defined, sensitive business data)
[Diagram: GOAL]
The Innovation Behind Core Enterprise (continued)
Step 3: Security Assessment Campaign
- The Core Enterprise AI Algorithm (patent pending) determines the most likely path to achieve the campaign goal
- The Exploit Engine takes advantage of the initial vulnerability to begin the campaign
- The AI Algorithm learns about the environment, analyzing results and re-adjusting the path on the fly
- The Exploit Engine leverages vulnerabilities along the way, effectively "opening doors" along the path
[Diagram: AI Algorithm, Exploit Engine, GOAL]
The Innovation Behind Core Enterprise (continued)
Step 4: Report Generation
- Reports use your own business terms (e.g., brokerage client account numbers exposed by a SQLi vulnerability in the portfolio self-service application)
Step 5: Ongoing Monitoring and Assessment
- Run the product on a scheduled basis and monitor for deltas, trends and new breach points
- Delegate rights and responsibilities to users (e.g., red teams, auditors, developers, etc.) and/or offices, and monitor their results via dashboard
[Diagram: Business Impact Report, CISO Dashboard, AI Algorithm, Exploit Engine, GOAL]
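The five steps above describe a workflow but not the algorithm behind it. As an added illustration written for this page (not Core's patent-pending AI Algorithm and not code from the deck), the following walks a constructed environment profile through all five steps: a small asset graph whose edges are hypothetical weaknesses with an estimated probability of success (Step 1), a goal asset holding named business data (Step 2), a maximum-probability path search to that goal (Step 3, here a plain Dijkstra search over -log(p) costs), a report phrased in the goal owner's business terms (Step 4), and a delta between two scheduled runs plus a ranking of which single remediation most reduces reachability of the goal (Step 5). Every asset name, weakness label and probability is invented; the remediation ranking goes one step beyond the slides, as the defender's use of the same path computation.

```python
"""Attack-path-to-goal planning and run-over-run deltas on a constructed asset graph.

Illustrative example only: a simplified planner, not Core Enterprise's algorithm.
"""
import heapq
import math
from collections import defaultdict

# Step 1, constructed environment profile. Each tuple is
# (source asset, target asset, weakness class, estimated probability that the
# weakness lets an attacker move from source to target). All values are invented.
EXPOSURES = [
    ("internet",    "web-portal",   "SQLi in self-service app",        0.6),
    ("internet",    "workstation",  "phishing to client-side exploit", 0.4),
    ("web-portal",  "app-server",   "weak service account",            0.7),
    ("workstation", "app-server",   "unpatched RPC service",           0.5),
    ("app-server",  "portfolio-db", "DB reachable with app creds",     0.9),
    ("workstation", "portfolio-db", "shared DBA password",             0.2),
]

# Step 2, goal definition: the target asset and the business term for what it holds.
GOAL = "portfolio-db"
BUSINESS_TERMS = {"portfolio-db": "brokerage client account numbers"}  # constructed


def most_likely_path(exposures, start, goal):
    """Step 3 (simplified): Dijkstra with edge cost -log(p), so the minimum-cost
    path is the chain of exposures with the highest product of probabilities.
    Returns (probability, [(asset reached, weakness used), ...]) or (0.0, [])."""
    graph = defaultdict(list)
    for src, dst, weakness, p in exposures:
        graph[src].append((dst, weakness, -math.log(p)))
    best, prev, heap = {start: 0.0}, {}, [(0.0, start)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best.get(node, math.inf):
            continue  # stale heap entry
        if node == goal:
            break
        for dst, weakness, w in graph[node]:
            if cost + w < best.get(dst, math.inf):
                best[dst] = cost + w
                prev[dst] = (node, weakness)
                heapq.heappush(heap, (cost + w, dst))
    if goal not in best:
        return 0.0, []
    path, node = [], goal
    while node != start:
        node, weakness = prev[node][0], prev[node][1]
        path.append((node, weakness))  # placeholder, rewritten below
    # Rebuild as (asset reached, weakness used) in forward order.
    path, node = [], goal
    while node != start:
        parent, weakness = prev[node]
        path.append((node, weakness))
        node = parent
    path.reverse()
    return math.exp(-best[goal]), path


def business_report(path_prob, path):
    """Step 4: state the finding in the data owner's terms, not as a CVE list."""
    if not path:
        return "Goal not reachable from the chosen entry point."
    data = BUSINESS_TERMS.get(path[-1][0], path[-1][0])
    chain = " -> ".join(f"{asset} ({weakness})" for asset, weakness in path)
    return f"{data} exposed with estimated probability {path_prob:.2f} via: {chain}"


def breach_point_delta(previous_path, current_path):
    """Step 5: compare the weaknesses on the most likely path between two
    scheduled runs. Returns (newly appearing weaknesses, closed weaknesses)."""
    prev_w = {w for _, w in previous_path}
    curr_w = {w for _, w in current_path}
    return sorted(curr_w - prev_w), sorted(prev_w - curr_w)


def best_single_fix(exposures, start, goal):
    """Defender's ranking: remove each weakness class in turn, recompute the
    goal's reachability, and sort so the most effective single fix comes first.
    Returns (baseline probability, [(weakness, residual probability), ...])."""
    baseline, _ = most_likely_path(exposures, start, goal)
    ranked = []
    for weakness in sorted({e[2] for e in exposures}):
        remaining = [e for e in exposures if e[2] != weakness]
        residual, _ = most_likely_path(remaining, start, goal)
        ranked.append((weakness, residual))
    ranked.sort(key=lambda r: r[1])
    return baseline, ranked


if __name__ == "__main__":
    p, path = most_likely_path(EXPOSURES, "internet", GOAL)
    print(business_report(p, path))
    baseline, ranked = best_single_fix(EXPOSURES, "internet", GOAL)
    for weakness, residual in ranked[:3]:
        print(f"fix '{weakness}': {baseline:.2f} -> {residual:.2f}")
    # Simulate the next scheduled run after the top-ranked fix has been applied.
    after_fix = [e for e in EXPOSURES if e[2] != ranked[0][0]]
    print(breach_point_delta(path, most_likely_path(after_fix, "internet", GOAL)[1]))
```

On the constructed graph the most likely path runs internet -> web-portal -> app-server -> portfolio-db (0.6 x 0.7 x 0.9 = 0.378). The ranking shows why a planner is useful to the defender and not only to the tester: fixing the SQLi at the entry point still leaves the goal reachable at 0.18 through the phished workstation, whereas closing the database's trust in application credentials drops it to 0.08, and the next run's delta reports exactly which breach points were closed and which one the attacker path moved to.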
More Related Content

PPT
Business cases for software security
PPT
Software Security Initiatives
PDF
security_assessment_slides
PPTX
Information Security Assessment Offering
PPT
M Kamens Iia Financial Services Presentation At Disney
PDF
State of Security Operations 2016 report of capabilities and maturity of cybe...
PPT
Ca world 2007 SOC integration
PDF
Rothke secure360 building a security operations center (soc)
Business cases for software security
Software Security Initiatives
security_assessment_slides
Information Security Assessment Offering
M Kamens Iia Financial Services Presentation At Disney
State of Security Operations 2016 report of capabilities and maturity of cybe...
Ca world 2007 SOC integration
Rothke secure360 building a security operations center (soc)

What's hot (20)

PDF
Identifying Code Risks in Software M&A
PPTX
Rothke rsa 2012 building a security operations center (soc)
PPTX
Top 10 tips for effective SOC/NOC collaboration or integration
PDF
Building a Product Security Practice in a DevOps World
PPTX
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
PDF
AccelOps & SOC-NOC Convergence
PPT
AMI Security 101 - Smart Grid Security East 2011
PDF
Strategy considerations for building a security operations center
PPTX
Security assessment isaca sv presentation jan 2016
PPTX
An introduction to SOC (Security Operation Center)
PDF
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
PPT
SOC presentation- Building a Security Operations Center
PPT
It For Dummies Kamens 081107
PPTX
Rational application-security-071411
PDF
Chapter 12 iso 27001 awareness
PDF
Security operations center 5 security controls
PPTX
SOC: Use cases and are we asking the right questions?
DOCX
Lancy-Curriculum Vitae
PDF
PTX12_Presentation_George Delikouras AIA
Identifying Code Risks in Software M&A
Rothke rsa 2012 building a security operations center (soc)
Top 10 tips for effective SOC/NOC collaboration or integration
Building a Product Security Practice in a DevOps World
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
AccelOps & SOC-NOC Convergence
AMI Security 101 - Smart Grid Security East 2011
Strategy considerations for building a security operations center
Security assessment isaca sv presentation jan 2016
An introduction to SOC (Security Operation Center)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
SOC presentation- Building a Security Operations Center
It For Dummies Kamens 081107
Rational application-security-071411
Chapter 12 iso 27001 awareness
Security operations center 5 security controls
SOC: Use cases and are we asking the right questions?
Lancy-Curriculum Vitae
PTX12_Presentation_George Delikouras AIA
Ad

Similar to Core.co.enterprise.deck.06.16.10 (20)

PDF
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
PPT
Smart security solutions for SMBs
PPTX
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
PDF
2010 Sc World Congress Nyc
PPT
NH Bankers 10 08 07 Kamens
PDF
Scalar Security Roadshow April 2015
PPT
Security Considerations in Process Control and SCADA Environments
PDF
Big Data Analytics Solutions
PDF
Security is our duty and we shall deliver it - White Paper
PPTX
Cyber Security protection by MultiPoint Ltd.
PDF
Irv Badr: Managing Risk Safety and Security Compliance
PDF
Panda Security - Adaptive Defense 360
PDF
Complicate, detect, respond: stopping cyber attacks with identity analytics
PDF
Bridging the Gap Between Your Security Defenses and Critical Data
PDF
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
PPT
How to improve endpoint security on a SMB budget
PPT
Web Application Security Testing
PDF
Mobile Security: 5 Steps to Mobile Risk Management
PPTX
IBM Relay 2015: Securing the Future
 
PDF
5 Steps to Mobile Risk Management
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Smart security solutions for SMBs
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
2010 Sc World Congress Nyc
NH Bankers 10 08 07 Kamens
Scalar Security Roadshow April 2015
Security Considerations in Process Control and SCADA Environments
Big Data Analytics Solutions
Security is our duty and we shall deliver it - White Paper
Cyber Security protection by MultiPoint Ltd.
Irv Badr: Managing Risk Safety and Security Compliance
Panda Security - Adaptive Defense 360
Complicate, detect, respond: stopping cyber attacks with identity analytics
Bridging the Gap Between Your Security Defenses and Critical Data
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
How to improve endpoint security on a SMB budget
Web Application Security Testing
Mobile Security: 5 Steps to Mobile Risk Management
IBM Relay 2015: Securing the Future
 
5 Steps to Mobile Risk Management
Ad

Recently uploaded (20)

PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
PDF
Complications of Minimal Access Surgery at WLH
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
PPTX
master seminar digital applications in india
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
PPTX
PPH.pptx obstetrics and gynecology in nursing
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
PPTX
Cell Structure & Organelles in detailed.
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
PPTX
Pharma ospi slides which help in ospi learning
PPTX
Final Presentation General Medicine 03-08-2024.pptx
PDF
RMMM.pdf make it easy to upload and study
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
102 student loan defaulters named and shamed – Is someone you know on the list?
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Complications of Minimal Access Surgery at WLH
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
Renaissance Architecture: A Journey from Faith to Humanism
master seminar digital applications in india
human mycosis Human fungal infections are called human mycosis..pptx
PPH.pptx obstetrics and gynecology in nursing
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
Cell Structure & Organelles in detailed.
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
Pharma ospi slides which help in ospi learning
Final Presentation General Medicine 03-08-2024.pptx
RMMM.pdf make it easy to upload and study
2.FourierTransform-ShortQuestionswithAnswers.pdf
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
Week 4 Term 3 Study Techniques revisited.pptx

Core.co.enterprise.deck.06.16.10

  • 1. Core Security Technologies Corporate Overview - CONFIDENTIAL - Mark Hatton, President and CEO - CONFIDENTIAL -
  • 2. - CONFIDENTIAL - Core Security Technologies Today Who we are… and what makes us so relevant… Leading provider of commercial penetration testing software 950+ CORE IMPACT Pro customers Dozens of awards from press, test labs Segment leadership recognized by analysts, market watchers Diverse, highly accomplished organization ~180 employees (55 Boston, 110 Buenos Aires, 15 India) Highly experienced management team (fmr. Sophos, CA, SYMC) Professional product/exploit development ops 5 patents approved, 7 applications pending Groundbreaking threat research Leading-edge consulting services history CoreLabs vulnerability research team High-profile research community involvement
  • 3. Customer Sampling Serving a cross-section of industry leaders 2 of 3 top Banks* 2 of 3 top Retailers* 2 of 3 top Telecoms* 9 of 12 US Federal Civilian Agencies Leaders in Healthcare & Entertainment * According to F1000 rank
  • 4. Our Product Today… Core Impact Professional Software solution that automates penetration testing of: Networks Web Applications Clients & Endpoints Wireless Weaknesses, seams between all Users/Target Market Professional security testers Red Teams Operational Security Managers Vulnerability Management Managers Visionary CISOs … Why? More efficiently conduct penetration testing and red teaming Conduct multi-layer testing of defenses and security investments Test the seams between defensive layers Prioritize and inform remediation Meet PCI/FISMA compliance testing requirements Test, report, repeat, measure and benchmark - CONFIDENTIAL -
  • 5. Test the Layers and the Seams - CONFIDENTIAL - Application Layer Host / OS Layer Network Layer Email Spreadsheet Browser App Scanners Customer Data Employee Records Network Device C Network Device B Network Device A SIEM GRC App Cfg Audting System Audting Config Reporting Vuln Scanning CISO ITSec Operations
  • 6. Security Depth and Breadth Embedded Agents Disconnected - CONFIDENTIAL - 15+ Client Exploits / Month WEP & WPA Currently in research Currently in research Reflective Post Persistent (in Research) Established Recent Future Legend IDS/IPS WAF Ongoing research for new techniques Data via Web DB Data Files Asymmetric Dictionary Attack Ongoing with Exploits Agent direct Agent via SQLi RFI & SQLi Blind SQLi Postgres OWASP Adds DB2 Other Info Gathering Post-Exploitation Evasion Web HTML XSS 2.0 / RIA Client-Side Exploit Phish Wireless Network Devices Vulnerabilities Agent on NDs Database Vulnerabilities Application 2008 2009 2010 2011 2012 Windows 7 5+ Server Exploits / Month Server-Side OS Apps BREADTH DEPTH Currently in research Currently in research Currently in research Email/USB APs Handheld
  • 7. What Sets us Apart Real-world: Proactively testing (in a safe and controlled manner) proves the existence of your most critical security exposures Enables customers to identify and validate the complex paths of security exposures that jeopardize specific, critical information assets within organizations Comprehensive: Integration across organization’s IT infrastructure; web network and endpoint systems, end users and wireless networks Stay ahead of constant changing mix of vulnerabilities and attack techniques Validation: Rather than hypothesizing, providing volumes of data or modeling, we demonstrable proof of what information assets are exposed and how it could occur This is the most realistic approach for ensuring that required security controls are in-place and working effectively
  • 8. Market Differentiation Scanning (web and/or network) products identify potential weaknesses Data overload including false positives/negatives – not most critical threats Does not prove exploitability, limited-view point solution, single vector IT-GRC gathers information to aggregate and report Mostly used for higher-level policy and governance with little “R” SIEM aggregates real data, dash-boarding, drill-down, etc. SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working Operational data, not situational. Just incidents or log data from past events Security Risk Mgmt is simulator/model Correlates scanned, imported and entered data to infer highest risk vulnerabilities, doesn’t do actual testing Network only and works on models vs. a real test of the security DLP detects and prevents transmission of confidential information To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!
  • 9. Security Market – The Game is Changing Security professionals manage complex, evolving (threat) environment Increasing expectations to contribute to fulfillment of business goals, including: Strategic mandates related to compliance, business continuity and risk management Obligations to prove efficacy of security controls to boards and business stakeholders Shift in the board room and management to focus on reputational risk Malware growth and cyber security attacks continue to grow exponentially Jump in demand for "business analysts" who embed with business units to keep risk mgmt practices integrated into business processes. Access to resources (bodies and dollars) is challenging Management of logs and event correlation challenging Increasing number of applications (point solutions) generating alerts and logs – firewall, intrusion detection systems, email/web content, anti virus, DLP, etc Mandates for security assessment, assurance continue to emerge … Legislative, industry and internal regulations PCI, HIPAA, FISMA/NIST, CAG, multiple pieces of pending U.S. government legislation Demand for due diligence by customers, investors and other stakeholders Requires ongoing measurement, benchmarking and reporting of security posture - CONFIDENTIAL -
  • 10. - CONFIDENTIAL - Security Market Trends – Current View Endpoint Suites Network UTM Application Security Vulnerability Management [Other Point Products] Product B Product C Product A Security Incident and Event Management Alerts Log Mgt Event Correlation Compliance Certification Governance Risk and Compliance User Policy Compliance Compliance Workflow and Reporting Remediation Workflow and Reporting Anti-Virus HIPS Local Firewall NAC Patch Management Endpoint DLP Firewall IDS AV Gateway Full Disk Encryption Anti-Spam Net DLP DB Encryption IAM / Single Sign-On URL Filter DAM Vulnerability Scanning Web App Scanning Code Scanning WAF Penetration Testing DB Scanning Config Audit
  • 11. - CONFIDENTIAL - Security Market Trends – Future View Endpoint Suites Network UTM Application Security Vulnerability Management [Other Point Products] IT Security Management Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee Product B Product C Product A Comprehensive Security Test and Measurement Verify and Validate Security Controls Measure Real-world Threat Readiness Measure Security Effectiveness Security Incident and Event Management Alerts Log Mgt Event Correlation Compliance Certification Governance Risk and Compliance User Policy Compliance Compliance Workflow and Reporting Remediation Workflow and Reporting Anti-Virus HIPS Local Firewall NAC Patch Management Endpoint DLP Firewall IDS AV Gateway Full Disk Encryption Anti-Spam Net DLP DB Encryption IAM / Single Sign-On URL Filter DAM Vulnerability Scanning Web App Scanning Code Scanning WAF Penetration Testing DB Scanning Config Audit
  • 12. Our Future Product – Core Insight Enterprise Why: Pen testing established as standard process for security validation Org’s without internal expertise need to validate spending and controls while decreasing costs of vulnerability management Pro designed for individual user What (it is): Enterprise Test & Measurement Solution Continuously, proactively validate controls Evaluate exposure to real-world threats Transform vulnerability management Needs Addressed Answer the question “are we more secure today than we were yesterday?” Trend, delta and visual attack path information to allow benchmarking of security posture over time Validation of security standing, compliance, risk and security controls - CONFIDENTIAL -
  • 13. IMPACT Pro Compared to Insight Two Very Different Products for Two Very Different Audiences CORE IMPACT Pro Core Enterprise User Professional pen testers (internal and external consultants) Red and Blue teams IT with security responsibilities CISOs/IT management Risk management IT development IT audit Consumer of Output Internal departments Operational security Administrative & compliance management Executive leadership Business and IT management Risk management Characteristics Software, windows-based Surgical focus; granular control In-depth testing across networks, web apps, clients, end users, WiFi Ability to pivot across multiple vulnerable systems and layers Targeted reporting including remediation recommendations Appliance or software, Linux Continuous, automated security testing Leverages asset-driven attack planning to calculate risk Role based No internal expertise required Goal of Test Demonstrate exploitability  Reveal what business critical data is exposed, in own business terms Value Proposition Test select IT assets against real-world attack techniques to identify exploitable vulnerabilities. Ability to benchmark and measure posture over time, calculate real-world risk, and validate mandated security controls
  • 14. Benefits of Core Insight Enterprise Get out in front of security threats… Empower executive leadership with decision-making metrics Trend data to answer “the” question: “are we more or less secure than we were yesterday” Benchmark and validate effectiveness of security projects and controls Map IT / technical exposures to actual affect on business Gain actionable information about the underlying business implications of exposures Continuously monitor your IT infrastructure for changes in posture Proactively test, measure security status across Web, Network and Clients Manage data from disparate security technologies to chart exposures Regularly assess the impact of emerging threats to your organization Prepare more effectively for audits (compliance) with repeatable pre-audit testing Provide expanded testing services to development and IT groups Increase internal assessment capabilities without increasing headcount - CONFIDENTIAL -
  • 15. Controls Verification and Effectiveness - CONFIDENTIAL - Legend Controls: PCI 11.3 CAG # 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Typical Products nCircle IP360, Gidean Secure- Fusion Bit9, Nessus eEye Retina, Nessus, nCircle Read Seal, Skybox, Athena Security FirePac Red Seal, Secure Passage, FireMon ArcSight, Splunk, Intelli-tactics Cenzic Hailstorm, Nessus MS Active Directory, Intelli-tactics Forescout Counter-Act nCircle, Qualys, McAfee Nessus, Rapid7, Skybox MS SMS, Security Blanket, Intelli-tactics Blink, MS SMS, Active Directory nCircle CCM, FireMon eEye Retina & Blink RSA DLP Test & Measure-ment SW Inventory and Whitelists Secure Configurations Secure Config of Network Devices Maintain and Monitor Audit Logs HW Inventory Boundary Defense Control Admin Privileges Control Access Vuln Assessment and Remediation Application Software Security Malware Defenses Wireless Device Control Data Loss Prevention Secure Network Engineering Network Ports and Protocols Penetration Testing Data Recovery Account Monitor and Control Skills Assessment/Training Incident Response CAG Test Future General Test Now Never CAG Test Now
  • 16. The Innovation Behind Core Enterprise - CONFIDENTIAL -
    Step 1: Environment Profiling
      • Provide the layout of your IT assets, including network, applications and/or end users … or let Enterprise discover them independently
      • Import data from vulnerability and/or web scanners
    Step 2: Goal Definition
      • Define the goal of each Enterprise assessment campaign (e.g., being able to access pre-defined, sensitive business data)
    [Diagram label: GOAL]
  • 17. The Innovation Behind Core Enterprise - CONFIDENTIAL -
    Step 3: Security Assessment Campaign
      • Core Enterprise AI Algorithm (patent pending) determines the most likely path to achieve the campaign goal
      • Exploit Engine takes advantage of the initial vulnerability to begin the campaign
      • AI Algorithm learns about the environment, analyzing results and re-adjusting the path on-the-fly
      • Exploit Engine leverages vulnerabilities along the way, effectively “opening doors” along the path
    [Diagram labels: GOAL, AI Algorithm, Exploit Engine]
  • 18. The Innovation Behind Core Enterprise - CONFIDENTIAL -
    Step 4: Report Generation
      • Reports use your own business terms (e.g., brokerage client account numbers exposed by a SQLi vulnerability in the portfolio self-service application)
    Step 5: Ongoing Monitoring and Assessment
      • Run the product on a scheduled basis and monitor for deltas, trends and new breach points
      • Delegate rights and responsibilities to users (e.g., red teams, auditors, developers, etc.) and/or offices – and monitor their results via dashboard
    [Diagram labels: GOAL, Business Impact Report, CISO Dashboard, AI Algorithm, Exploit Engine]
  • 19. Security Market Trends – Future View - CONFIDENTIAL -
    IT Security Management Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee (Product A, Product B, Product C)
    Comprehensive Security Test and Measurement: Verify and Validate Security Controls; Measure Real-world Threat Readiness; Measure Security Effectiveness
    Security Incident and Event Management: Alerts; Log Mgt; Event Correlation; Compliance Certification
    Governance Risk and Compliance: User Policy Compliance; Compliance Workflow and Reporting; Remediation Workflow and Reporting
    Point product categories: Endpoint Suites; Network UTM; Application Security; Vulnerability Management; [Other Point Products]
    Point products shown: Anti-Virus, HIPS, Local Firewall, NAC, Patch Management, Endpoint DLP, Firewall, IDS, AV Gateway, Full Disk Encryption, Anti-Spam, Net DLP, DB Encryption, IAM / Single Sign-On, URL Filter, DAM, Vulnerability Scanning, Web App Scanning, Code Scanning, WAF, Penetration Testing, DB Scanning, Config Audit

Editor's Notes

  • #6: The number of vulnerabilities is increasing; false positives are unmanageable
  • #10: Additional points for the “environment” section
      • Growing opportunities for cyber-criminals
      • Cybercriminals have low barriers to entry + low risk of getting caught
      • New attack tools and techniques are emerging & new vulnerabilities are constantly discovered
      • Increasing attack frequency and publicity
      • High-profile reports of multiple public- and private-sector security breaches and exposures
      • Widespread adoption of Enterprise 2.0 technologies including social media
      • New customized web applications and other technologies expand attack surfaces
      • User adoption and trust underscores the importance of end-user security awareness testing