Core Security to Expand Market with Mark Hatton

Outsmart Malicious Hackers


It seems like security/pen-testing software can be quite lucrative – especially with the prices Core Security charge for their flagship tool Core Impact (Around $25,000 per seat?).

They have offices in two countries and are now looking to expand into new markets, anyway this is a bit of corporate security news for a change. They have hired a new CEO – ex Sophos executive Mark Hatton.

Less than a year after an executive reshuffle prompted questions about its direction and viability, Core Security Technologies has hired a new chief executive to pilot its push beyond the niche penetration-testing market.

Core Security, which employs about 130 people in offices in Boston, Mass., and Buenos Aires, Argentina, has tapped former Sophos executive Mark Hatton as its new CEO amidst strong hints that new technology pieces could be added to position the company as more than a specialized vulnerability scanning outfit.

“We have a really good opportunity to rise above the niche pen-test market,” Hatton said in an interview with eWEEK. “We already provide very valuable insight as to where vulnerabilities lie and show [an enterprise] the extent of damage that can occur. We can add a few pieces and provide a much more unified view of how well the security infrastructure is working.”

Their product is very good and the reporting capabilities are way better than the free software out there (that matters a lot when turn-around time is short in a commercial pen-test or VA).

I wonder what markets they are going to move into? Perhaps log aggregation or system architecture security management (more like GFI Languard?).

Hatton declined to discuss future strategic moves, but a quick glance at his track record at Sophos, an enterprise-facing anti-virus vendor that successfully repositioned itself as a full-fledged endpoint security player, suggests that Core Security could be moving in that direction.

“We are in a position today where [Core’s] technology is good and the marketplace is generally opening up,” Hatton said. “If you look at the evolution of Sophos, it was a specialized anti-virus company in the beginning and then it redefined endpoint security and NAC-type offerings. I see Core taking a similar path. We’ll define and evolve this market beyond pen-testing.”

Metasploit Framework has definitely raised some doubts for them though and put them under the spotlight, especially after last year when two of their top honchos left the company. And other much cheaper alternatives like Immunity Canvas.

This is one of the few times you’ll see me talk about commercial software – I tend to stick to the free stuff. Would any one be interested in some info about commercial tools too?

Source: eWeek

Posted in: Security Software

, , , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


7 Responses to Core Security to Expand Market with Mark Hatton

  1. Tom March 19, 2008 at 12:09 pm #

    “Would any one be interested in some info about commercial tools too?”
    I would.

  2. Pantagruel March 19, 2008 at 12:42 pm #

    Although I have a slight preference for the GPL’d software, I’d be interested in some commercial software being put to the test. There is no holy grail package for pen testing or VA and I am quite certain the bulk of us use a combination of packages to get the job done.

  3. zupakomputer March 19, 2008 at 1:30 pm #

    I’m certainly interested in it, although am unlikely to be affording any.

    It’s good to know what the high-paying corporates expect people to be using; cause sometimes there is a bit of the attitude that if they don’t recognise some named package they get suspicious that it won’t really work.
    (I mean the folks that hire employees; they don’t always know anything about the actual work needing done, or they’re very vendor-specific.)

    It’s also good to know what’s not available on the freeware, as then it’s easier for it to become available there too.

  4. unfufu March 19, 2008 at 4:39 pm #

    This sucks, I wrote half a page of comments on commercial tools I use and own compared to the opensource alternatives. The antispam math quizz didnt work… so, to boil it down, I’d love more news on commercial tools.

    Keep up the good work!

  5. James C March 19, 2008 at 6:09 pm #

    Commercial tools rock!
    They’re generaly (but definitely not always) better quality tools.

  6. J. Lion March 20, 2008 at 1:48 pm #

    I am interested in learning more about commercial ware and the way they compare to their rival freeware.

  7. zupakomputer March 20, 2008 at 4:01 pm #

    @unfufu: The math check times out after a while; pity you didn’t hit ‘back’ cause if my browser’s anything to go by it would have saved your comments.

    Amusingly, the top500.org site started doing comments, and their maths check really really didn’t work at all! Someone must have set it to ‘throat-warbler mangrove’.