By Kelly Jackson Higgins
Feb 09, 2009
The Metasploit hacking tool soon will come with services-based features
aimed at offloading resource-intensive penetration testing tasks, as
well as augmenting the popular open-source software.
While this is not a pure software-as-a-service model, the new
service-based features are a departure from Metasploit's software-based
approach. The goal is to add back-end services, such as an "opcode"
database client and a password-cracker to Metasploit, that seamlessly
expand the tool's features and resources for its users, says HD Moore,
creator of Metasploit. "We want our regular users to be able to take
advantage of [such] services transparently," Moore says.
While Metasploit's clientele tends to be more technical and
research-oriented, adding these back-end services to its pen-testing
tool is likely to influence the commercial penetration testing product
market as well, security experts say. In this difficult economic climate,
back-end services could provide enterprises with a relatively low-cost
option for in-house penetration testing. "I could see this as having a
very appealing value proposition," says Nick Selby, vice president and
research director at The 451 Group. "Immunity and Core could start
throwing in services at a very low risk to themselves as vendors and a
high value to customers -- especially ones on the fence about whether to
bring pen-testing in-house more aggressively" because they're unable to
afford outsourcing it or hiring the in-house expertise, he says.
Immunity already has such a service in the pipeline, called
ImmunitySafe, which it will launch in the third quarter, says Justine
Aitel, CEO of Immunity, which sells enterprise-grade penetration testing
products. The company already offers consulting-based pen-testing
services in addition to its software products.