Core Security Technologies announced CORE IMPACT 6.2, an enhanced edition of the company’s flagship software product designed to help companies easily and efficiently test their network security policies. CORE IMPACT 6.2 includes enhancements that enable organizations to more effectively test their security defenses against increasingly prevalent client-side attacks that rely on social engineering, such as spear phishing and e-mails with malicious content. The new version also features enhanced encryption and authentication capabilities to help testers more easily meet secure communication requirements during penetration tests, as well as expanded target platform support for testing networks with AIX systems.
According to the latest SANS Top 20 update for 2006, the increase in client-side vulnerabilities continues to gain momentum. The report also points to an increase in the number and severity of user-initiated threats such as phishing and spear phishing, and recommends that organizations undertake “safe phishing” as one of the best methods for averting these types of attacks. CORE IMPACT 6.2 introduces new functionality to make it easier for organizations to accurately assess their vulnerability to client-side attacks and to customize, perform and repeat safe phishing attacks to measure the effectiveness of their security defenses as well as their user security awareness initiatives.
CORE IMPACT 6.2 features new easy-to-use templates that allow security professionals to efficiently and effectively tailor client-side attacks to reflect the latest social engineering attack trends. Because both content and appearance of communications play a key role in establishing trust to solicit recipient action in attacks such as spear phishing and e-mails containing malicious attachments, Core Security has enhanced CORE IMPACT so that e-mails sent as part of a client-side penetration test can now be easily customized via new HTML templates. Penetration testers can also now save and reuse e-mail templates across different tests, as well as take advantage of several different existing templates already built into the product. In addition, testers can now automatically send e-mail to a group of targets, with content personalized with particular information about each specific recipient.