
Quantifying and managing risk is a top priority for every business. Organisations lose time and money to security incidents, and details of new weaknesses are published daily. Application-level weaknesses pose an increasing risk in complex environments, so it is important that both network and application layers are assessed in depth to prevent compromise.
Colossus enables organisations to perform thorough Internet-based network and application security assessment, work for which they would otherwise enlist a penetration testing provider and its team of consultants to attack and test their networks.
As a professional penetration testing provider and security consultancy, Matta created Colossus as a thorough security assessment tool that is capable of generating no false positives. Colossus is an extensible and modular system that uses leading-edge approaches such as the Common Vulnerability Scoring System (CVSS) to produce accurate threat and risk metrics, and an XML report export format that allows integration into internal vulnerability management and alerting systems.
Colossus is delivered as a service over the web, without the burden of deploying and maintaining an in-house vulnerability assessment system. Colossus can also be deployed as an appliance to perform internal assessment, report generation, and management in enterprise networks. Thorough network and application assessment is performed by Colossus, negating the need for individual testing tools for specific application or network-layer assessment. The on-demand assessment solution reliably scales to perform testing of complex heterogeneous networks and applications.
Key Points
· Both network and application layers are tested, and combined in a single report
· Totally new technology, engineered from scratch all the way to the web interface
· Reports that look as good as a consultant's
· Ability to produce zero false positives using consultant supervision
· The most flexible reporting framework ever seen in this industry
Technical Data Sheet
Scanning
· Network mapping and scanning performs thorough assessment of servers, firewalls, and other networked devices to accurately identify them and qualify relevant vulnerabilities
· Scans can be configured for minimum network load (using rate-limiting and other low-level IP features), or for optimum performance and speed
· Colossus is event-driven and parallelised using game theory algorithms to perform efficient and thorough testing as a professional penetration tester would
· Modular scanning system capable of performing deep assessment of common service software
· Web application assessment modules for testing PHP, ASP, JSP, CGI, and other applications.