Core Security Technologies this week rolled out a new wares aimed at giving users greater breadth and depth of testing options. The vendor introduced Core IMPACT Essential along with version 7.6 of its flagship product which will now be known as Core IMPACT Pro.

Collectively, the two products will now support a comprehensive set of enterprises and computing environments, delivering on the need for organizations to proactively expose vulnerabilities, measure operational risk and gain visibility into the efficacy of security mechanisms throughout their infrastructure, according to Core officials.

“It’s clear that organizations have embraced security testing as a critical process for measuring the effectiveness of their security infrastructure and improving their ability to manage risk,” said Mark Hatton, CEO of Core Security Technologies in a statement. “Our ability to continue to adapt our solutions to the diverse needs of the marketplace and help companies stay ahead of threats in a proactive manner remains the strength of our company and our dedicated CoreLabs researchers.”

Charles Kolodgy, research director for secure content and threat management products at IDC, says he beleives companies of all sizes and architectures are going to be actively assessing their overall security posture and proactive testing is one of the most effective methods to do so. “Organizations need to be more aggressive about isolating their most significant risks and prioritizing their efforts around those problems, and testing allows you to do this quickly. CORE IMPACT Essential provides all organizations with a tool to assist them in effectively managing their vulnerabilities,” Kolodgy says

CORE IMPACT Essential will address the requirements of:

  • Large enterprises seeking to extend testing capabilities to branch offices.
  • Distributed enterprises with remote operations.
  • Smaller enterprises seeking to maximize vulnerability scanner results.
  • Computing environments with limited onsite IT expertise.
  • Organizations seeking to extend departmental testing capabilities.

“As a long time CORE IMPACT customer we’re excited to bring Essential onboard to augment our implementation of Pro and expand our use of proactive security testing to branch offices statewide,” said Robert Maley, chief information security officer for the Commonwealth of Pennsylvania in a statement. “As with many organizations today, we have a broad range of IT assets distributed across a number of locations, and the combination of the two products will allow us to administer tests quickly and easily throughout all our different operations. Until now we’ve had to rely on the use of network scanners in many distributed locations, but they simply do not provide the same level of specific, actionable information that allows us to isolate and address pressing areas of risk that need to be addressed immediately.”

Meanwhile the renamed version 7.6 of Core IMPACT Pro delivers:

  • Pv6 network support for organizations required to meet the June 30, 2008 deadline to have an IPv6-capable backbone.
  • A new Module Wizard that guides users through the process of creating templates for launching their own customized exploit modules.
  •  Added support for the use of Pro’s open Python debugging tools to make the creation of complex custom modules easier and more efficient.

Other significant enhancements in v7.6 address the product’s Web application testing capabilities including:

  •  Detection of additional critical vulnerabilities that make possible the take-over of underlying server operating systems.
  • Improved management and presentation of discovered vulnerabilities for more efficient and thorough testing.
  • Improved cookie handling for easier testing of web applications that involve user authentication.

CORE IMPACT Essential is available immediately and CORE IMPACT Pro v7.6 will be available in September.