Retina comes with four different modules that each provide a range of features. The function of the Scanner module is self-evident whilst a Miner module adds functions such as password guessing. Tracer runs a trace route between the Retina system and a selected target, and displays the results in graphical format, whilst a Browser module integrates web browsing facilities into the Retina interface. Scanning speeds are very impressive, with Retina completing a full scan of our seven test systems in less than five minutes – noticeably faster than QualysGuard and Internet Scanner 7. Along with good speeds, we were impressed with the number of vulnerabilities identified on our test systems and also with the levels of assistance provided by Retina to help resolve each issue. Each system’s security audit lists vulnerabilities in order of importance. Selecting one displays a description, a risk level and instructions on how to fix the problem in the tips window below. You also get links to related websites so you can download and apply service packs and patches immediately. An extremely useful feature is Retina’s ability to fix some problems on the fly. So, if the vulnerability is, for example, due to an unnecessary service, or registry entry, Retina will offer to make the appropriate modifications or close the service down. Features such as these demystify the whole process, making Retina a better choice than most for smaller businesses with limited technical support. Unfortunately, as with ISS’s Internet Scanner 7 (reviewed in July) we encountered a number of issues with OS identification during testing. Retina correctly identified those systems running Windows Server 2003 and XP but did not differentiate between Windows 2000 Professional and Server preferring to list them as just running Windows 2000. It also correctly noted those systems with SP3 applied but did not notice that our 2000 Server system had SP4 installed. Another glitch came with a Windows ME system where Retina reckoned it was running ‘MS Windows 2000 Professional RC1/W2K Advanced Server Beta3’. We raised a support request with eEye and sent all relevant log files from the test scan to its engineers but after a full week we had heard nothing back and due to time limitations had to leave this as unresolved at the time of writing. What we can’t understand is why nearly all security scanning products we have tested have so much trouble with OS identification. Nevertheless, if you can put up with these OS-related oversights you’ll find Retina provides a wealth of information about the holes in your network. Although it costs a lot less than ISS Internet Scanner 7, Retina is a superior product which we found delivers plenty of assistance for troubleshooting security vulnerabilities and is extremely easy to configure and use.
Retina proves that vulnerability scanning doesn’t have to cost a mint making this highly suited to a wide range of businesses. It looks particularly good value to smaller companies as it offers valuable assistance in understanding and fixing the problems it highlights, although the issue of OS identification continues to be a bugbear.