Getting To The Core Of Today's Security Woes

In today's complex IT security world, it sometimes takes a thief to catch a thief. Solution providers are finding that the path to good security often comes by playing the bad guy. And that is where Core Security Technologies' Core Impact enters the picture.

Simply put, Core Impact is a penetration tool designed to attack a network and attempt to compromise systems. Unlike a vulnerability assessment tool, Core Impact seeks out vulnerabilities and then exploits them to help solution providers ascertain what damage can be done.

The product is also an automated tooladministrators simply schedule the test, and Core Impact follows that schedule to automatically test the target system. Core Impact is designed to be easy to use, and the reported information is easy to interpret. The product uses a Web- based console that guides administrators through designing a test macro, and wizards are offered to further simplify the process. Core Impact combines the results into meaningful groupings and only reports on successful exploits. This helps eliminate extraneous data and speeds remediation.

Although the product can be used in a "set up and report later" style, administrators also have the option of monitoring the product in realtime, which can be advantageous when testing for certain vulnerabilities. Also, the product lends itself well to compliance auditing, a requirement that many companies are now facing.

Once a scan is completed and vulnerabilities are identified and exercised, the product erases its tracks from the subject system, just as a hacker would. The reporting capabilities then come into play. Reports are customizable and offer extensive optionsfrom summary views to executive views to detailed reports. Detail logs are also available for further examination.

Getting started with the product requires a mandatory training session, which takes about two hours and can be done over the Web via a conferencing system. The short training period is a testament to the ease of use surrounding Core Impact. The company also has put safeguards into place to prevent the product from being used without a business' knowledge. Users must sign waivers and provide IP addresses for the systems to be tested. Those addresses are then hard-coded into the product to prevent the product from being used on unauthorized systems.

On the channel side, Core Security offers three levels for partners: Silver, Gold and Platinum. Levels are determined by volume and have two sublevels, option 1 and option 2.

Option 1 partners use Core Impact solely for demonstration purposes and sales of Core Impact licenses. The entry cost at this level is $7,500. The license may be used for initial evaluation services associated with the sale of the product.

Option 2 has an entry cost of $12,500 and permits a VAR to use the Core Impact license with the reseller's professional security services offerings.

Additional margins for the various levels are as follows: The Silver level offers a 25 percent discount on licenses of first-year subscriptions; the Gold level offers a 30 percent discount after payment of $100,000 in revenue from first-year subscriptions; and the Platinum level offers a 35 percent discount after payment of $200,000 in revenue from first-year subscriptions.

Those margins are on top of revenue garnered from consulting and initial sales, making the product very attractive to partners.