Beyond Trust Retina CS Enterprise Vulnerability Management
Strengths: Lots of functionality.
Weaknesses: For all of its ability to integrate with a very large list of third-party tools, its inability to work with any browser except IE is surprising.
Verdict: Solid vulnerability management system, especially at home in large environments.
This is a full-featured vulnerability management platform with all of the bells and whistles you need to deal with vulnerabilities on your enterprise. We received the product on the UVM20 hardware appliance, which includes Retina CS Enterprise Vulnerability Management, Retina Network Security Scanner, and the Enterprise Update Server. We could have used a virtual machine as well - both physical and virtual appliances are supported.
The package is a complete one. However, it is not a walk in the park to set up. Tools with the extensive functionality of this one rarely are. The getting started guide for the UVM20 is a nice little booklet. We cannot imagine needing anything to get the device up and running that wasn't there. Initial setup is done from the server's LCD panel and consists of the usual IP address configuration and a couple of little things that get you to the point where you can access the management console web interface over the network.
So here was our first serious complaint: One must use Internet Explorer according to step one of the appliance configuration procedure. We found that way too restrictive given that most users select from a number of browsers and take a choice. It is unreasonably restrictive to require a particular browser and suggests that there is something about the product that is incompatible with other browsers. For the price that should not be the case.
Once we were set up it took little time to get to basic testing. However, there are a lot of functions that are available to take you beyond basic testing. For example, if you want to limit who can log into the system's individual functions - beyond the basic login - you could apply PowerBroker Password Safe to manage privileged credentials for credentialed scans. This can be a huge time saver and significantly eases the effort required to manage credentialed scans securely.
Patch management is based on an extended version of Microsoft's Windows Server Update Service (WSUS) that covers several third-party applications, such as those from Adobe. This is tied to regulatory requirements so you not only are patching properly, you are documenting as well.
Configuration, generally speaking, is quite straightforward until you get into some of the more exotic areas. Even then, the configuration screens are excellent and getting up and running takes very little time. While we would not say that configuration is difficult, it is extensive, and getting the full benefit of the extensive functionality takes a bit of effort.
Analytics is excellent. There is the ability to match threats from external threat data with vulnerabilities to determine impact. This pulls vulnerability management into the realm of risk management. Asset discovery is automatic and ongoing. This allows vulnerability management even when you don't know about a potentially vulnerable asset.
An extension of analytics, of course, is reporting. The tool has over 270 prepacked reports, as well as numerous dashboards for real-time views of current state plus trending. Integration with third-party products from vendors such as McAfee allow you to add this device into an existing environment and integrate with SIEMs and many other risk management tools. Especially notable is the ability to integrate with Core Impact and Metasploit to coordinate vulnerability management with pen testing.
Documentation is complete and support is available with the platinum plan costing 20-24 percent of licence. Pricing is a bit on the high side at nearly £19.64 per asset. A large enterprise with tens of thousands of assets under test could get expensive in a hurry. Still, the tool has a lot of capability, especially for those larger enterprises for which it has the ability to scale through decentralised instances of the tool.