RETINA Network Security Scanner
July 01, 2003
eEye Digital SecurityProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
Very detailed analysis and very fast with an attractive admin console.
It is hard to tell if the AI employed in CHAM has the ability to thoroughly test the system.
RETINA allows the security administrator to have on hand a 24-hour automated security consultant and penetration tester.
One thing that cannot be overlooked in network security is the ability to test weaknesses like a hacker. The RETINA Network Security Scanner is one such tool - and probably one of the fastest ones on the block.
This is not a traditional intrusion prevention system as such, as it tests network nodes for known vulnerabilities and weaknesses. Rather, it is a bit like an automated security consultant.
Installing the application was very quick and we had it running a scan in next to no time. But before it ran anything, it updated its signature file of known exploits from the internet, allowing us to seek out problems in our test network.
The console is very clean looking and has the appearance of an internet browser. It was very easy to navigate through it and configure how the software will run. The initial screen features four options called modules: browser, miner, scanner and tracer.
Of these, the scanner module is probably the most important, scanning machines both on the local network and over the internet. Even a machine with all the latest patches applied showed some vulnerabilities, in part due to poor configuration.
One way that this tool differs from so many others on the market is in the use of a technique called common hacking attack method (CHAM). This is a piece of artificial intelligence that imitates how a hacker would attack a network, and report on what it finds. While RETINA runs most of its scans in a 'non-intrusive' mode, so as not to disrupt systems, in CHAM mode the application performs numerous hacking attempts on the most popular protocols such as HTTP, FTP, POP3 and SMTP. But it is very uncertain if the artificial intelligence can truly mimic the behavior of a hacker or script kiddie.
After analysis, the findings are presented in a report that lists the vulnerabilities found in the target system. The report was very detailed and professional-looking, and gave details of how the defects could be patched up.
On the whole this product is not an intrusion prevention system in the truest sense of the word. But if used on a system to spot flaws early on it can prevent the attacks from ever happening.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- Same fate befalls Post Office broadband as hit DT?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Former Expedia IT employee admits to hacking execs from the inside
- Cyber-insurance: What will you be able to claim for and is it worth it?
- Levelling the playing field against targeted attacks
- India Supreme Court calls on tech giants to curb sexual assault, cyber-crime
- IoTSF conference: EU should become de facto regulator