Automated Penetration Testing Market Rapidly Maturing and Expanding Driven By IT Security Risks and Regulatory Compliance Demands
BOSTON – Jan. 12, 2009 - Core Security Technologies, provider of CORE IMPACT Pro, the most comprehensive product for proactive enterprise security testing, today announced that it experienced record growth in 2009 highlighted by gains in its annual revenues and continued expansion of its customer base.
Specific milestones achieved by Core during 2009 include:
- Double-digit revenue growth and record sales in Q4.
- Addition of 100+ new customers to total over 900.
- Record renewal rates.
- Staff expansion to encompass development on three continents plus key executive additions.
- Release of two major product versions, including the addition of wireless penetration testing.
- High-profile CoreLabs research reports, advisories and government advocacy.
While many industry watchers suggested that the sluggish worldwide economy would have a negative effect on growth across most IT markets during 2009, Core Security achieved record revenues during the year. Compared to calendar 2008, privately held Core charted a double-digit gain in annual sales, driven by strong demand across major verticals including financial services, government, health care and education. Over the last five years, Core has achieved a compound annual growth rate of just under 50 percent.
As the market for automated penetration testing solutions expanded rapidly over the last year, Core was consistently recognized by customers and industry analysts alike as the clear leader in terms of product and business maturity. This leadership was also highlighted by awards presented to Core by leading industry publications including SC Magazine (Top 20 Technologies of the Last 20 Years) and Channel Web Magazine (PCI: 20 Hot Compliance Products).
The company closed 2009 with over 900 customers including over 25 percent of the Fortune 100.
“Gaining visibility into security readiness continued to be a top-of-mind initiative for organizations in 2009,” said Mark Hatton, CEO at Core. “This was evident in our many interactions with IT leaders seeking more effective ways to assess their exposure to IT risks, gauge their regulatory compliance standing, and filter through mountains of security systems and event data. They licensed CORE IMPACT in record numbers to address these challenges.”
Core Security also achieved its highest-ever license renewals during 2009, markedly exceeding industry-standard client retention rates as customers leveraged the benefits of automated penetration testing to expose real-world web application, wireless, client-side, and network threats in their IT infrastructures.
Global Business Expansion
During 2009, Core expanded its product development capabilities to span three continents and benefit from a truly global workforce. In addition to its primary product development team in Buenos Aires, Argentina, Core established development operations in Boston, Mass. and Bangalore, India.
Core also brought onboard experienced senior executive leadership to help guide both its sales and development efforts, with Steve Pace joining the company as vice president of sales and Milan Shah occupying the newly created role of senior vice president of engineering.
Consistent Product Advancement
As scheduled, Core Security produced two new iterations of its CORE IMPACT Pro automated penetration testing solution, adding new levels of breadth and depth while continuing to refine its market-leading user interface and reporting capabilities. Among the most noteworthy expansions of the solution was the addition of wireless penetration testing capabilities fully integrated with its existing network, endpoint, web applications and end-user assessment functions, along with marked extension of the product’s web applications testing features. IMPACT Pro’s reporting capabilities specifically advanced via the addition of new cross-asset trends and graphical attack path report features, which allow customers to visualize successful avenues of attack against their most critical information assets.
Core Security also launched another major product initiative in 2009 via the introduction of its User Statistics collection and usage sharing features. IMPACT Pro customers opt-in voluntarily and transmit anonymous testing data (i.e., number and types of exploits run, etc.) back to Core. Participants were able to begin viewing statistics trends drawn from across the customer community directly in the product’s dashboard. In addition to providing the company with key usage data to help guide its future exploit and product development, participating customers (over 20 percent of total install base) have responded extremely favorably to the intelligence they have garnered from viewing testing trends across the broader IMPACT Pro user community. In particular, customers have cited the capability to benchmark their security posture both internally and against their peers as being fundamental in setting risk management objectives for the coming year.
Industry-Leading Research and Government Standards Participation
The work of CoreLabs researchers also experienced unparalleled heights during 2009, with experts participating in numerous speaking engagements at leading industry trade shows around the globe and publishing a record number of high-profile vulnerability advisories.
Among the most noteworthy and highly publicized reports presented by CoreLabs researchers were talks delivered at the CanSecWest, Black Hat USA and OWASP Appsec conferences – detailing pressing issues including the ability to create BIOS-borne root kits; the opportunity to compromise onboard laptop security features to gain remote control of the machines; and new techniques for automatically discovering and exploiting cross-site scripting vulnerabilities in arbitrary web applications. Noteworthy advisories included vulnerabilities discovered in products made by companies including Apple, HP, IBM and Microsoft.
Core Security also reinforced its commitment to help the U.S. government improve its ability to deal with the worldwide cybercrime epidemic. Core experts testified before the U.S. Senate Homeland Security committee and chaired the Threats Working Group of the CSIS Commission on Cyber Security for the 44th Presidency, which will provide revised recommendations to the Obama administration early in 2010.
About Core Security Technologies
Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, wireless networks, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
Tim Whitman or Lauren O’Leary