Pen Testing Platform Maker Ramps Up Partner Program


Core Security Technologies is ramping up its partner program, attempting to compete in the vulnerability assessment market by forging relationships with Microsoft, McAfee and others as well as adding channel VARs that specialize in security and vulnerability management.

The Boston-based company sells a platform that combines penetration testing and vulnerability scanning. Core sells two products: Core Impact, a full-fledged pen testing suite used by hardcore penetration testers, and Core Insight, an automated vulnerability testing platform introduced in 2010 for chief information security officers and other executives.

The company's new channel chief, Joe Schramm, said he joined Core last year to formalize the company's partner program. Core needs to make the case that businesses need ongoing penetration testing in their environment and compete against the likes of another Boston-based security firm, Rapid7, which integrates the commercial Metasploit pen testing tool into its Nexpose vulnerability scanning software. Meanwhile, Miami-based Immunity, Inc. sells the Canvas pen testing platform.

 

[Related: Google Aurora Attackers Behind Internet Explorer Zero-Day Attacks]

There is growing momentum around using penetration testing and vulnerability management data as part of risk management programs to influence decision making with non-IT executives, said Paul Proctor, chief of research for security and risk management at Gartner. If presented well, executives can use the data to make budgeting decisions for security and prioritize business units based on their security posture, Proctor said.

By 2014, Gartner predicts that 80 percent of the Global 2000 will be required to report the state of security to the board of directors on an annual basis, Proctor said.

"All of these tools are starting to go from being techie toys to being something that can produce information with a business context," Proctor said. "CISOs have a significant interest in being able to translate what is very technical stuff into something that can be understood by a decision making body like a board of directors."

Schramm said Core needed a plan to build up formal relationships with technology partners and add a cadre of channel resellers and solution providers. The new partner program, launched by Schramm last year, has signed on 23 partners and resellers, including nine resellers in the U.S.

"The company didn't have any formalized technology partnerships and few channel relationships," Schramm said. "Historically the company transacted a high volume through its channel, but it was more of a pass-through; none of it originated from the channel."

NEXT: Channel provider finds interest from c-level executives