
Core’s Pledge: Safe and Controlled Security Testing

A significant concern for any company engaging in proactive security testing is that the work itself could have a negative effect on systems or processes, or take critical operations offline, in the process of emulating threats to see if IT and network assets are properly protected.

This is one of the best reasons to choose the CORE IMPACT family of products to carry out your security analyses -- because we have spent considerable time and effort, and continue to do so every day, to ensure that our customers won’t create any unexpected problems as a result of their testing projects.

Rigorous quality assurance

For starters, Core’s extensive library of exploits is put through a rigorous quality assurance process every single business day by a team of dedicated professionals whose sole job is to make certain that CORE IMPACT products will not have unpredicted or ancillary effects on tested systems, processes or users.
 
These QA specialists operate independently from our threat research and development groups, and they have no responsibility other than to examine each and every CORE IMPACT exploit on a daily basis for the specific purpose of protecting our customers from any unanticipated results from their testing work.

Prior to the addition of any new exploits to our IMPACT products and services, these QA pros scour the involved code inside and out to guarantee that the manner in which the programs interact with the systems they test won’t result in any lingering effects -- and they maintain this high level of scrutiny for all our threats, at all times.

One of the most significant tasks included in this work is the process of ensuring that when customers run IMPACT’s post-test clean-up feature, no active exploit code or functionality is left behind, and no backdoors have been created.

Keeping code off of tested systems

IMPACT’s design is such that the exploit code itself is never transferred onto the systems that are being tested. Rather, its patented proxy agent -- itself a very small piece of software code -- takes commands from the system the product resides on, further ensuring that no piece of testing functionality is unintentionally left behind.

In the rare cases where the proxy agent is maintained on a device after a test is completed, based on the manner of analysis being executed, it is automatically erased from the system’s memory the first time that the involved machine is rebooted.

Maximizing system stability

Some of our exploits do have the potential to interrupt system processes based on the nature of the attacks they emulate, but long before one of these specific tests can be conducted, IMPACT users are specifically prompted in a high-profile manner to ensure that they understand the implications of their work. This is not a feature that can be turned off or bypassed by default, to further guarantee that testers are fully aware of the potential of their actions.

One of the reasons that Core’s product engineers have gone to great lengths to make certain that our exploits won’t unexpectedly affect processes or interrupt services as they are executed is that IMPACT is built to recreate the same “slow and low” conditions that many of today’s attacks have adopted to hide from other security technologies.

Leaving no backdoors

Another common concern of security testers is ensuring that any exploits that they run will not establish a path by which attackers could someday find their own way into an organization’s networks or systems. IMPACT’s design once again guarantees that this scenario is not a possibility by deleting itself and any clues that could be used in such a nefarious manner.

Administrators and users unaware that IMPACT is being used on their environments typically have no idea that the testing work is being done because the technology was specifically built to run in as quiet a manner as possible.

Independent safety validation in the field

While most of our customers do not take the effort to examine IMPACT’s code on a detailed basis to conduct their own research into its potential for unwanted side-effects, some of the largest and most secretive government organizations in the world have completed such testing of the products -- and remain loyal customers to this day.

No new vulnerabilities

It’s also important to remember that CORE IMPACT never creates any new security vulnerability in the execution of its tasks; rather, it merely finds the weak points that already exist in the systems it is testing and exploits those issues to help customers better protect themselves.

Keeping our products out of the wrong hands

Another area of concern with security testing technologies such as CORE IMPACT is ensuring that the products cannot find their way into the hands of malicious parties who may use the programs to carry out their own attacks.

We have engineered a number of functions into our products to protect against this very scenario.

Every single copy of IMPACT features a unique identifier that is associated with the organization that licenses the product at the time that they take delivery. As part of our comprehensive software update process, Core has the ability to know if a specific iteration of one of our products is being used by anyone but the explicit licensee, or if it has somehow been copied.

In the case that one of our products has been stolen or copied, we retain the ability to monitor where it is being used improperly, and disable the technology remotely.

Ensuring that IMPACT is only being used by licensed customers with the most legitimate intentions is another central aspect of our product’s design and value proposition.

A reputation based on trust

We stake our reputation on these claims, because the foundation of our business is built on the concept of customers’ trust that our products do everything that they claim to, and nothing they are not supposed to.

We maintain that this is one of the unique value propositions of our products and services when compared to some of the technologies and services with which CORE IMPACT competes.

Core Security Technologies © 2010 All rights reserved