Core Security Ups Ante In Security Management

Vulnerability management and intelligence firm Core Security is upping the ante a bit in its core competency, and it’s doing so by adding intelligence an analytics technologies to its offerings.

The Boston, Mass.-based firm upgraded its flagship Insight Enterprise solution with the launch of Insight 3.0, a suite that provides a spate of new tools that include multi-vector vulnerability assessment, asset categorization, threat simulation, penetration testing and advanced security analytics.

It’s a comprehensive solution that represents a springboard for the channel from which to launch new combinations of specialized services and build out portfolios as Big Data trends around security reaches their stride.

The medley of tools are housed in a unified security risk management console that gives solution providers control over the entirety of the vulnerability management lifecycle. And like many intelligence-based vulnerability management solutions, the latest 3.0 release touts a slew of advanced capabilities targeted toward verticals tasked to meet requirements around compliance.

“With today’s constantly-evolving threat landscape, security professionals and business leaders don’t need more security-related data, they need more security intelligence applied to that data,” said Milan Shah, senior vice president of products and engineering at CORE Security. “While existing vulnerability management solutions have delivered what they can, they fall short when it comes to analytics and intelligence.”

That said, Core is touting the addition of predictive intelligence technology as its biggest selling point, which allows channel partners to analyze and contextual the barrage of data and charge top dollar in the process.

Specifically, the 3.0 release is designed to capture copious data to identify an array of vulnerabilities from various sources. To that end, the solution maps security data and correlates it to actionable risk information — an addition that gives partners the ability to aggregate vulnerability and threat information used to identify high-probability risks and threat vectors that lead to attacks against critical assets.

From there partners can prioritize threats and then cultivate strategies for remediation, which in turn enables them to bulk differentiation and and carve out unique high-margin niches in the vulnerability management space.

And by many reports, solution providers would be smart to place their bets in vulnerability management. A recent TechNavio report indicated that the global security and vulnerability management market was set to grow at a CAGR of 12.2 percent between 2011 and 2014, driven by the dearth of compliance regulations.

As previously mentioned by Channelnomics, compliance and GRC markets are on a sharp upward trajectory, thanks in part to the rise of high-profile data breaches and advanced attacks, increasingly stringent regulations, and the rise of cloud technologies that have put an accelerator on GRC markets. And vulnerability management provides a major piece of the GRC puzzle.

That said, partners will likely be able to carve out increasingly profitable niches as the market expands by developing customizable services around an exponential and overwhelming rise of threat data, attributed to spiking Big Data security trends.

Why? Because customers don’t understand it, and have little time to process or analyze it, let alone develop a subsequent remediation plan or resulting security strategy based on the findings.

That’s where the channel can step in, commanding high margins to fill in badly needed security forensic gaps that many customers will increasingly be willing to pay.

As previously contended, security threat intelligence, or Big Data for security, will likely represent major opportunities around almost all areas of security not too far down the road. Among other things, it’s likely that Big Data trends in security will spur the channel to build out portfolios to incorporate a wider array of intelligence based technologies and analytics tools in order to stay competitive.

That will likely give partners the ability to go ever deeper and bulk practices around vulnerability management, and other once-obscure and overlooked niches in security.