Interview with Ivan Arce, CTO of Core Security Technologies
by Berislav Kucan - Thursday, 29 May 2003
Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products.

Arce, who has three patents to his credit, also writes for numerous technical publications, speaks frequently at industry events and is commonly quoted in industry publications.

He also currently serves as the Associate Editor of the IEEE Security & Privacy Magazine and as a Project Advisor to the Open Web Application Testing Project.

When and with what mission was Core Security Technologies started?

Core Security Technologies was founded in 1996. Our mission is to provide strategic information security solutions to our customers. We believe that today's information security product and service offerings lack a natural fit with organizational business requirements, creating need in the marketplace that need to be addressed.

We view information security as a three stage iterative process (ASSESS-> PROTECT-> AUDIT) rather than a set of independent technologies and practices. If we assume that 100% bullet proof security is not achievable in any organization (and this is a safe assumption), then our logical conclusion is that the best security strategy is to address security as a streamlined and iterative process that supports and enhances other business processes in a sustainable manner providing:
  • visible immediate benefits, and
  • a mechanism to reduce risk constantly in each iteration of the process.
In this way, two of the most important infosecurity concerns for C-level executives can be understood and addressed:
  • What is the ROI of our infosecurity spending?
  • How is the infosecurity spending protecting and enhancing our business today and how it will do so in the future?
That is the 'strategic' part of our mission. We provide our solutions based on products and services built from scratch with this view as the guiding principle

Introduce CORE IMPACT. Which platforms does it support?

CORE IMPACT is the first comprehensive penetration testing solution for assessing specific information security threats to an organization. The product is designed to replace expensive, inconsistent manual penetration testing with a professional, state-of-the-art automated penetration testing product. CORE IMPACT goes beyond vulnerability scanners by enabling real-world attacks on IT assets and presenting analysis of information security risks in one comprehensive application.

The product runs on Windows 2000 and XP, and has agent support for Linux, Windows 2000, Windows XP, Solaris, and OpenBSD.

What are the key functions of CORE IMPACT?

CORE IMPACT is a unique software product. It provides a comprehensive and professional framework for penetration testing. Until recently penetration testing was an obscure and almost magical discipline that could only be performed by highly technical and experienced individuals. CORE IMPACT changed that. CORE IMPACT provides an organization's security or systems administrator with the most advanced penetration testing techniques, including professional grade exploit code for remote and local system compromise and privilege escalation, complete accountability, reporting and clean up capabilities.

And to the expert penetration tester CORE IMPACT provides a framework in which to develop, retain and use information security knowledge in a highly cost-effective manner. Thus improving the quality of work and substantially reducing tedious and time-consuming tasks.

Introduce CORE FORCE . Which platforms does it support?


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th