Which Solution is Right for You?
Both CORE IMPACT Pro and CORE IMPACT Essential use automated penetration testing techniques to expose vulnerabilities, enable risk mitigation, and assure security effectiveness throughout your organization – and both are based on the same vulnerability research and leading-edge threat expertise.
When it comes to making a choice between the two products – or selecting both – it’s important to consider a number of factors, including:
- Threat vector breadth
- Depth of testing capabilities
- The size and scope of your security organization
Below is some information to get you started. However, the best way to determine which solution is right for you is to call (617) 399-6980 and ask to speak with a sales representative.
Threat Vector Breadth |
Essential |
Pro |
Network testing |
|
|
Vulnerability validation |
|
|
Endpoint testing |
|
|
Phishing emulation |
|
|
Web application testing |
|
|
Multistaged threat emulation |
|
|
Custom threat emulation |
|
|
IMPACT Pro and IMPACT Essential both:
- identify exploitable OS and services vulnerabilities on network systems, and validate the efficacy of antivirus, IDS, IPS, NAC and other perimeter defenses
- filter third-party network vulnerability scan results for imminent risks to your operations
- reveal critical OS, application and services exposures on endpoint systems, and gauge the effectiveness of endpoint antivirus systems
IMPACT Pro also:
- emulates phishing, spear phishing and other social engineering threats that take advantage of gaps in email-user security awareness
- tests for weaknesses in custom and out-of-the-box web applications, web servers and associated databases, and validate the efficacy of web application firewalls
- replicates real-world, multistaged threats by using privilege escalation and pivoting techniques that emulate the progression of a low-level exposure to a large-scale data breach
- allows you to run your own, custom exploit scripts to replicate highly specialized attacks against your specific environment
Depth of Testing Capabilities
CORE IMPACT Essential provides a fast and easy way to pinpoint critical network and endpoint vulnerabilities that can open the door to data breaches. CORE IMPACT Pro takes this a step further by replicating multistaged attacks that reveal chains of exposure from endpoint systems and web applications to mission-critical backend systems. As a result, you gain extensive visibility into the cause, effect and prevention of large-scale data breaches, enabling you to improve security throughout multiple levels of your organization’s information systems.
Security Organization Size and Scope
CORE IMPACT Pro is ideal for organizations with in-house security professionals who must conduct in-depth, comprehensive assessments of security readiness. IMPACT Pro provides dedicated security staff with automated penetration testing capabilities that increase the efficiency of security audits, while offering the granular control they need to customize tests to their specific requirements.
CORE IMPACT Essential is a great way to bring real-world security testing capabilities to branch offices and SMB computing environments that need to validate the criticality of vulnerabilities to prioritize remediation. It’s also a perfect solution for smaller organizations without dedicated security staff or where information security is part of a broader IT role.
Combining IMPACT Pro and IMPACT Essential provides the most comprehensive set of security testing capabilities across large and distributed computing environments. These organizations can equip centralized security teams with IMPACT Pro and departmental IT staff with IMPACT Essential. The combination allows local IT managers to stay on top of frontline network and endpoint vulnerabilities during the periods between more in-depth IMPACT Pro assessments.
Core Security Consulting Services
For organizations that demand additional support in their security testing efforts or prefer to have experienced practitioners come in and run the entire process, Core Security Technologies maintains a highly-skilled professional services practice that specializes in helping organizations protect their infrastructure and information assets via a set of targeted consulting offerings.
