With a sight-related theme running through its catalogue, eEye Digital Security offers a range of security products. Iris contributes fearsome packet decoding and protocol analysis capabilities, Blink delivers firewall and intrusion detection facilities and the Retina on review provides network vulnerability scanning tools. Unlike ISS’ Internet Scanner 7, Retina can run on any Windows NT, 2000 or 2003 system and the system doesn’t need to be dedicated to scanning tasks. The swift installation is only held up, momentarily, by the web licensing process. Commendably, Retina gets straight on with contacting the eEye website and downloading all the latest updates, which include detection tools for the Microsoft RPC DCOM vulnerabilities, installed patches and Blaster variants. On first contact with Retina, a wizard pops up to lend a helping hand but we found the well-designed and intuitive interface generally made this a redundant feature. You can start scanning straight away by adding a single IP address, or a domain name, in the action window and defining multiple ranges in the pane alongside. Retina uses policies that determine what it should look for and defaults to a full scan of all ports and services. You can create your own custom policies. Retina also offers a unique feature called CHAM (common hacker attack methods) where it pretends to be a hacker attempting to break into selected systems in an effort to identify undocumented vulnerabilities. Four modules
Retina comes with four different modules that each provide a range of features. The function of the Scanner module is self-evident whilst a Miner module adds functions such as password guessing. Tracer runs a trace route between the Retina system and a selected target, and displays the results in graphical format, whilst a Browser module integrates web browsing facilities into the Retina interface. Scanning speeds are very impressive, with Retina completing a full scan of our seven test systems in less than five minutes – noticeably faster than QualysGuard and Internet Scanner 7. Along with good speeds, we were impressed with the number of vulnerabilities identified on our test systems and also with the levels of assistance provided by Retina to help resolve each issue. Each system’s security audit lists vulnerabilities in order of importance. Selecting one displays a description, a risk level and instructions on how to fix the problem in the tips window below. You also get links to related websites so you can download and apply service packs and patches immediately. An extremely useful feature is Retina’s ability to fix some problems on the fly. So, if the vulnerability is, for example, due to an unnecessary service, or registry entry, Retina will offer to make the appropriate modifications or close the service down. Features such as these demystify the whole process, making Retina a better choice than most for smaller businesses with limited technical support. Unfortunately, as with ISS’s Internet Scanner 7 (reviewed in July) we encountered a number of issues with OS identification during testing. Retina correctly identified those systems running Windows Server 2003 and XP but did not differentiate between Windows 2000 Professional and Server preferring to list them as just running Windows 2000. It also correctly noted those systems with SP3 applied but did not notice that our 2000 Server system had SP4 installed. Another glitch came with a Windows ME system where Retina reckoned it was running ‘MS Windows 2000 Professional RC1/W2K Advanced Server Beta3’. We raised a support request with eEye and sent all relevant log files from the test scan to its engineers but after a full week we had heard nothing back and due to time limitations had to leave this as unresolved at the time of writing. What we can’t understand is why nearly all security scanning products we have tested have so much trouble with OS identification. Nevertheless, if you can put up with these OS-related oversights you’ll find Retina provides a wealth of information about the holes in your network. Although it costs a lot less than ISS Internet Scanner 7, Retina is a superior product which we found delivers plenty of assistance for troubleshooting security vulnerabilities and is extremely easy to configure and use.

OUR VERDICT

Retina proves that vulnerability scanning doesn’t have to cost a mint making this highly suited to a wide range of businesses. It looks particularly good value to smaller companies as it offers valuable assistance in understanding and fixing the problems it highlights, although the issue of OS identification continues to be a bugbear.