Core Impact 2016 R1 Now Available

Posted by Ashley Sims - Marketing Manager on Tue, May 17, 2016

We are thrilled to announce the official release of Core Impact 2016 R1. With this release, Core Security continues to provide the most comprehensive software solution that proactively assesses any security posture of an organization.

The new capabilities released in Core Impact Pro 2016 R1 include:

  • Interactive Support for Web Application Record Login
  • Flexible and customizable reporting
  • Network vector enhancements

Interactive support for Web Application Record Login

In addition to the Web Application Record Login introduced in the last release, we have added support for those scenarios where the engine needs help from the user during the authentication process due to a challenge response test. One example of such functionality is CAPTCHA.

With Core Impact Pro 2016 R1 Record Login Assistant, you can now mark some authentication steps as interactive. When these steps are play backed during the WebApps Information Gathering phase, the user is prompted for input on those marked as interactive, and resume the remaining operations once that input is completed. Core_Impact_Pro_2016_R1_Pic.jpg

Flexible and Customizable Reporting

The introduction of Flexible and Customizable Reporting in the last release was one of the biggest requests from customers over the years and has had a lot of success.

With this release, we have re-engineered the structure and contents of our network existing reports (including Wi-Fi, Mobile, and MiTM) creating a set of new reports which provides more comprehensive information of the networks being tested. All these reports allow users to export to Microsoft Excel and customize many things including vulnerability tables, graphics, and company logos according to their needs. Users are able to save changes as a new template to be used as the base for future report generation.

Network vector enhancements

We have added many new features based on extensive customer feedback, including:

  • Kerberos support for network SQL Agent
  • Agent Persistency using WMI enhancements
  • Improved OSX El Capitan Agent support
  • Domain replication functionality
  • SWF Evasion and polymorphic code
  • Python VM upgrade

For more information on the newest release, download our datasheetor request a demo of Core Impact 2016 R1.


Tags: core security, core impact, pen-testing, penetration testing

Welcome Back, Lisa Lombardo!

Posted by Ashley Sims - Marketing Manager on Wed, Jan 20, 2016


Core Security and their incredible team are not the only new additions to Courion. We are thrilled to welcome back Lisa Lombardo to Courion. Lisa recently sat down with me and gave me a bit more insight on why she came back and what she thinks of the company today. 


Ashley Sims: Lisa, you were here for over 18 years. You left during the recapitalization and resulting restructuring last spring and we are thrilled to announce that you have just come back. Can you let us know why you made this important decision?Lisa_Lombardo.jpg


Lisa Lombardo: Look, I knew Courion had to change, we all did, but with change comes uncertainty. We lost a lot of great people and while I say I “left” the company, I was never that far away because I was still helping out in a consulting capacity during the transition. That gave me a front seat to see the “sausage being made” and it wasn’t always pretty – It strained many parts of the organization. However, I’ve also gotten to see the investments that have been made across our business and their resulting benefits. Our capacity to deliver has grown with our expanded partner network, our internal and customer training has gone from adequate to ever-improving, our backend financial, expense and customer management systems are all upgraded so our business just runs faster, more smoothly and more effectively.  I was surprised to learn we’ve hired and ramped 120+ people. We have the resources to invest in improvements in deployability, reliability and UX across the product offerings.  With the acquisitions of SecureReset and Bay31, they make our existing products better and you can see that with our merger with Core Security that begins to delivers a new, intelligent driven, better together vision for the entire security industry. Finally, and perhaps most important to me, we have absolute clarity that making our cherished customers “raving fans” is a pillar of our business. Here again we have made much needed and long sought after investments – our new Customer Success organization is bigger and better than ever.  Yes, I am glad to rejoin Courion but I am happier that my Courion is improving and advancing both tactically and strategically.




Tags: Courion, core security, securereset, intelligent identity and access governance

What is CONVERGE and Why Should I Attend?

Posted by Ashley Sims - Marketing Manager on Thu, Jan 07, 2016

While it may be hard to imagine with the cold weather we've seen across the U.S. this week, May really is just around the corner and registration for our annual user conference has begun! If you're new to Courion, Core Security, or just wondering what these two companies have to offer - let me tell you a little more about our favorite event of the year. 


Converge is the industry’s longest running identity governance and administration user conference. However, just as our company continues to grow so does our conference. This year we are thrilled to be able to offer insight into the world of vulnerability management and expand our vision to serve our customers cyber-security needs as a whole.Logo-1.png Information security professionals from around the world will gather together for three days of product training, case studies, and panel discussions designed to help your team make the most of their Courion and Core Security investments and achieve meaningful business results.

On Tuesday, May 24, workshops that offer a deep dive into provisioning, governance, and vulnerability management are offered for your technical staff, while general conference sessions for all begin Wednesday, May 25 and conclude with a guest keynote on Thursday, May 26. In addition to our conference sessions we will be hosting a special event on Wednesday and a Solutions Showcase on Tuesday where all attendees will have the chance to check out new product demos, meet our customer success team, and network with our partners.

Why should you attend?

This year will be bigger and better than ever as we bring together Courion’s expertise on identity and access governance with Core Security’s top notch vulnerability management experts. If you’ve been curious as to just how these solutions work together, there is no better time to learn than at CONVERGE!

Also by taking advantage of Tech Tuesday, a full day of technical workshops, you can earn up to 15 continuing professional education (CPE) credits for ISC2 or ISACA accreditations.

More reasons to attend:

  • Mix, mingle, and learn from peers, analysts, industry thought leaders, and Courion executives and product specialists
  • Learn what’s next in Courion’s roadmap and how Core Security will make an impact
  • Become a cyber security expert- Take advantage of Tech Tuesday for tips and tricks for getting the most out of your solutions
  • Earn 15 hours of continuing professional education (CPE) credits toward your ISC2 or ISACA accreditations such as CISSP or CISM. We do the paperwork for you!
  • Connect with our partners such as PING, SecZetta, and IDMWORKS.
  • Meet our executives. Register now to be eligible to book a one-on-one meeting with CEO David Earhart, COO Chris Papadakis, or VP of Product Management and Marketing Venkat Rajaji.
    • Contact your account representative to learn more
  • Enjoy sunny Orlando. Because who doesn’t need a few days of sunshine?
  • Save now. We’ve extended our Early Bird special for our new Core Security Customers. Register before January 31 to save $300.
    • $499 if registered before January 31  

If you have any questions, send us a note at and we will help get you started.

Register Now

Tags: Courion, CONVERGE, core security

Better Together: Courion and Core Security

Posted by Chris Sullivan - GM, Intelligence/Analytics on Wed, Dec 16, 2015

Courion + Core Security FAQ
By Ray Suarez, Core Security and Chris "Sully" Sullivan, Courion

A lot of folks have been asking why we made this acquisition. The reality is, this is a merger of two market leaders expanding their products to offer something never before seen in the cyber-security space. So to build on and explain this thought, we wanted to do a little Q&A to answer some of your questions.

Ray:  Sully, why do organizations do Identity, Governance and Administration (IGA)?  Better_together_1.jpg
Sully:  To manage access to information and processes.

You can buzz it up by talking about threat surface and risk but you are simply protecting card data, IP (your crown jewels) or the ability to prevent unintended transfer of large sums.

Sully:  Why do organizations do Vulnerability Management (VM)?
Ray: To manage access to information and processes.

So let’s see, they are both solving the same problem. VM protects you up to the identity, and IGA from the identity to the process or information. Each area has tools, control processes and teams to do the work.

But our adversaries don’t partition their work this way. Consider the Target breach attack path. It was HVAC vendor account (IGA) -VPN (VM) - BMC_user1 account (IGA) - C&C server (VM), - payment systems network firewall (VM) – dev, sw distribution, exfil servers (VM). Our adversaries move quickly between the VM and IGA world and hide in the cracks between them.

Now Courion has long been an IGA market leader and is specifically recognized for customer sat and delivering on the promise of intelligence. We use a property graph (I know too techie but it’s necessary to solve the scale problems) to give you a comprehensive view of your logical access. That’s person, to accounts, to permissions and sub-permissions and roles and sub-roles and sub-sub-sub.. In a mid-sized company, that’s billions of changing security permutations – even the best security experts can’t visualize that complexity. Our analytics let you really understand what’s important so you know what you are requesting, reviewing, approving instead of just pretending that you do.

better_together_2.pngAnd Core Security has long been the VM market leader and is specifically recognized for unraveling the complex permutations of vulnerabilities that could lead to a breach of critical assets by an attacker. Courion also uses a property graph to give you a comprehensive view of the layered infrastructure and understand what’s important. That’s network, client, web, wireless and mobile.

Now imagine what would happen if you connected those two worlds with all that domain expertise and IP.  For example a blind person will perfect their listening skills to compensate for their disability and a hearing impaired person will perfect visual observation. If we could combine each of these improved senses, it would provide clarity that us normal folk might not even think possible.

Don’t believe us? Hear what some of the industry experts have to say here

2 more questions…

1. Why does InfoSec exist? To manage access to information and processes.

   2. Why Courion + Core Security? Because it was the only sensible thing to do.

Welcome to Courion + Core Security, the only security company that can continuously and comprehensively mange access to your information and processes.

Did we miss anything? We are building a new world so if you have any questions or just want to discuss things, please let us know in the comments. 


Tags: IAM, Courion, cyber security, intelligent IAM, IAG, identity and access governance, core security, vulnerability management, VRM, vulnerability risk management