Core Security is an American computer and network security company that provides an attack intelligence platform, vulnerability management and network penetration testing measurement software products and services. The company’s research arm, CoreLabs, proactively identifies new IT security vulnerabilities, publishes public vulnerability advisories, and works with vendors to assist in eliminating the exposures they find. In February 2019, HelpSystems acquired the Core Security products from SecureAuth. HelpSystems is a Minnesota-based software company working in the areas of systems and network management, business intelligence, security and compliance.
History
In 1996, Core Security was founded in Buenos Aires, Argentina. One year later, the CoreLabs Research group was established and published their first advisory. Core conducted its first penetration test for a U.S. company in 1998. In the same year, Core Security was recognized as an "Endeavor Entrepreneur" by the Endeavor Foundation, a foundation that supports entrepreneurial projects in emerging markets. In 2000, the company's first U.S. office opened in New York, NY. Two years later, Core released the first and second versions of their flagship penetration testing product, Core Impact Pro. In 2002, Morgan Stanley became a shareholder in Core, investing USD 1.5 million and retaining a seat on the board. In 2003, the company's U.S. headquarters was relocated from New York to Boston, MA. Five years later, Mark Hatton became the CEO of Core Security. In 2009, Core adds development sites in Boston and India. One year later, Core announced the beta of its new security testing and measurement product, Core Insight. In 2012, Core announces partnership with nCircle. In the same year, Core announces partnership with NT Objectives. In 2013, Core Security is named to the 2013 Inc. 500/5000 List. The firm, at the time, employed 180 people, 150 of whom are based in Buenos Aires. In 2014, Core Security Adds Intrinium to its Partner Program and extends its reach to the Pacific Northwest. In the same year, Core Security announced the latest version of its Core Attack Intelligence Platform. Also in 2014, Core Security won the Information Security Magazine and SearchSecurity.com 2014 Readers' Choice Awards for "Excellence in Vulnerability Management." In December 2015, Core Security was acquired by identity and access management company Courion; in May 2016, Courion rebranded itself with the Core Security name. In July 2016, Core Security Technologies acquired Damballa for $US 9 million. In 2017, Core Security merged with SecureAuth. In 2019, HelpSystems acquired the Core Security solutions from SecureAuth.
Origins
Damballa was founded in 2006 in Atlanta, Georgia by Merrick Furst, an associate dean in the Georgia Institute of Technology College of Computing; he was joined by two Georgia Tech colleagues, Wenke Lee, and David Dagon. The company is named after Damballa, a Vodou snake god that protects against zombies, with the implication that Damballa protects against “zombie” computers operating as part of botnets. According to its site, Damballa now seeks primarily corporate clients and ISP.
Offerings
Damballa’s product offerings were:
Advanced Threat Protection
Damballa's advanced threat protection solution for enterprises, Damballa Failsafe detects successful infections with certainty, terminates their threat activity, and gives incident response the intelligence needed to rapidly prevent data breaches. Damballa Failsafe is able to detection malicious files and track suspicious behavior over time in the network, delivering actionable information about known and unknown threats regardless of the infection’s source, entry vector or OS of the device. It provides incident responders with definitive evidence so they can rapidly prevent loss on high-risk devices while blocking activity on the rest. It was recommended on the Advanced Threat Protection shortlist buyer's guide for 2015.
ISP Subscriber Protection
Damballa CSP, which is designed for service providers and ISPs, identifies malicious activity originating from subscriber’s devices, whether PC, tablet or mobile. Damballa CSP sits out-of-band inside the service provider’s network and monitors DNS requests from the subscriber’s IP address, which enables it to identify subscriber devices infected with advanced malware.
Patents
In 2013, Damballa was granted its first two patents, related to detecting advanced threats. Patent 8,566,928 describes methods for detecting a first network of compromised computers in a second network of computers, while patent 8,578,497 describes methods for analyzing domain names that are not registered that are collected from an asset in a real network. In February 2014, the company was granted a third patent, # US20120198549, for its "Method and system for detecting malicious domain names at an upper DNS hierarchy", which describes a methodology for identifying potential malicious domain names used to propagate threats.
Research and advisories
According to its website, Core Security's research department, Core Labs, conducts research in system vulnerabilities, cyber attack planning and simulation, source code auditing and cryptography. Core Labs publishes security advisories, technical papers, project information and shared software tools for public use, with its researchers participating in IT security research conferences including the Black Hat Briefings.