We’re very excited to announce a first-of-its kind partnership with the terrific people over at Core Security, a provider of predictive analytics security solutions and maker of Core Impact and Core Insight. Together, we will be working over the next two months to develop an integrated solution using NTOSpider and Core Insight™ Enterprise to automatically discover application vulnerabilities, and pinpoint enterprise-wide operational and business risks. This is big - with next generation application vulnerability testing software.
Put it this way. With this integration, NTOSpider software will tell you which doors and windows are open in your “house” and Core’s software will automatically read that input, then walk through each and every door and window to see if it can find the hidden safe and break it open. We will be able to provide enterprise customers an automated and real time view of their critical application security exposure.
Application security is a massive, complex and escalating problem. Many organizations have hundreds or even thousands of web applications that access sensitive customer, financial and corporate databases. Security teams use application security scanners such as NTOSpider to identify the application vulnerabilities and then use Core’s Insight threat simulation and real-world threat replication technology to do deeper testing on those vulnerabilities pivoting off each internal asset, such as databases and servers, to find which can actually be exploited. But, it takes time to manually feed the vulnerabilities to Core Insight, until now.
At NTO we are huge champions of finding ways to automate security processes that really should be automated. So, the even better news for security teams out there is that this solution, through automation, will provide a more efficient way to get a holistic view of their security posture. Through the automation of vulnerability identification, validation and risk prioritization, companies will now be able to efficiently monitor their application security posture, allowing security teams to spend their time on the material risks and threats that require more detailed analysis and subject matter expertise. And who wouldn’t like a little more time in their day to focus on the fun stuff with security?
It’s sort of like a round the clock application security penetration testing team in a box and can give security teams better information as to the exploitability and impact of discovered vulnerabilities.
In the meantime, you please check out our formal announcement that provide some specifics on how the integrated, automated solution will work.