Core Unveils New Capability for Testing Network Defenses

By | May 30, 2006

Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today announced the release of the new CORE IMPACT(TM) Traffic Masking capability. Organizations can now more robustly test their network security defenses with advanced attacker techniques and accurately determine the potential consequences of having a network vulnerability exploited.

The Traffic Masking capability initially includes two techniques: robust MSRPC fragmentation and the industry´s first MSRPC traffic encryption. These features enable companies to test the effectiveness of their current and future investments in network detection, including firewalls, intrusion detection (IDS) and intrusion prevention (IPS) systems. All the product´s exploits have been tested, and if necessary modified, to ensure compatibility with the functionality. The new Traffic Masking capability is available immediately, at no additional cost to CORE IMPACT users.

“Attackers are constantly innovating with new approaches to avoid detection and successfully compromise networks,” said Jack Walsh, program manager for network intrusion prevention systems at ICSA Labs. “It is important for organizations to test their network security defenses to ensure that they are achieving the level of security desired. Core Security Technologies provides a comprehensive penetration testing product, which helps its customers more effectively protect themselves from ever-changing attack scenarios.”

“When making security investments that can cost hundreds of thousands of dollars, we have to be sure that the technology we implement can effectively mitigate problems. In order to accurately test the effectiveness of security products, we run everything through CORE IMPACT,” said Andre Gold, information security director, Continental Airlines. “Thanks to IMPACT, Continental now has an asset that allows us to validate the claims of security vendors and we can now trust the security technologies we invest in. This penetration testing product has saved us hundreds of thousands of dollars by helping us make the right decisions.”

As the adoption of network detection technologies has become more widespread, attackers have developed increasingly sophisticated methods for circumventing them, including the modification of network traffic to mask exploits and evade detection. To help companies combat threats and identify potential vulnerabilities in their security investments, Core Security has created new penetration testing methods for evaluating the effectiveness of these systems. These new capabilities are part of IMPACT´s underlying framework and can be utilized in conjunction with the product´s MSRPC exploits. The new techniques include:

Robust MSRPC Fragmentation: Using this technique, CORE IMPACT users can now break their attack traffic into very small pieces, making detection more challenging for security devices. By testing their defenses with CORE IMPACT, companies can now ensure that their security investments provide the highest levels of protection against threats deployed using fragmentation to mask malicious payloads.

Encryption: Core Security has created the first automated technology for testing networks with attacks that are encrypted using MSRPC-supported encryption. Encryption, though extremely beneficial for enabling secure communication between legitimate parties, can become a dangerous traffic masking tool when used by attackers. Using this new technique in CORE IMPACT, companies can now, for the first time, test if their security defenses are effective against encrypted threats.

For additional technical information, please download a white paper on the subject: Core expects to enhance the Traffic Masking capability with additional techniques in future releases.

“Security technologies represent a substantial investment for companies–and if they don´t fully protect you, the consequences of a single breach will far outweigh their purchase price,” said Paul Paget, CEO, Core Security Technologies. “By introducing the new Traffic Masking capability in CORE IMPACT, Core Security is continuing its commitment to providing security professionals with the best combination of proactive tools and actionable information they need to better secure their networks.”

Leave a Reply