BeyondTrust Retina CS
Strengths: Solid, straightforward vulnerability management with only the bells and whistles needed to do an excellent job of finding, analysing, mitigating and eliminating vulnerabilities.
Weaknesses: Support costs over the first year (or other reasonable deployment timeframe) are high. We prefer support to be included until the customer is up and running initially.
Verdict: Solid vulnerability management tool that could become a bit pricey in a large environment.
We received the Retina Enterprise device as a hardware appliance and setup took us just a few minutes. The documentation was refreshingly complete, easy to follow and contained everything that we needed to get up and running in our test environment. The test environment for this consisted of our deception network and our VMware infrastructure. Retina had no trouble identifying assets and we even saw a few things that we hadn't expected based on the way we front-loaded vulnerabilities. After running the scan, we got a very comprehensive audit-level report that was sufficiently detailed that it would be useful for remediation teams as well as auditors.
The Retina tool is both broad and deep in its capabilities. It can manage vulnerabilities in cloud, virtual, physical and mobile environments. We were pleased to see that it found details of our VMware infrastructure including a few capabilities that we had installed but never used, such as the Orchestrator. The scanner behaves much as one would expect a scanner to behave with the exception that it also supports Retina Protection Agents that provide endpoint security. The endpoint security is typical of endpoint protection tools.
The Manager Service is the web interface and we had no trouble accessing it once we had configured the hardware appliance with its IP address information. BeyondInsight works from the database that supports the overall system. We used a discovery scan but we also could have entered assets manually.
The tool also employs what BeyondTrust calls Clarity Analytics. This capability really is a behavioural analytics tool that identifies outlier (anomalistic) behaviour. This is very useful in light of today's fileless malware infections that use such things as attacks against the Registry, attacks using PowerShell and so forth. Using PowerBroker you can configure Clarity to identify files that are infected with malware.
Policy is initiated by the settings you enter in the various modules and stored in the Central Policy Server. The server sends the various agents their instructions and keeps them current with changes.
Retina has the ability to interface with Windows Server Update Service (WSUS) for patch management. In this regard, we considered Retina to be the patch management service rather than the patch deployment service. Once Retina approves a patch, it notifies WSUS. When the client comes online, it checks for approved patches and if there are new ones WSUS sends them to the client where they are deployed. It then reports the patch status to WSUS which, in turn, communicates the status to BeyondInsight.
The website for BeyondInsight is largely a marketing site with the useful information reserved for current customers. There is no included customer support, something we see as a weakness, and paid support is 20 percent of the first-year licence cost. We really liked the documentation, a refreshing change from much of what we've seen lately. By the time we had a scan report in our hands we had no questions that the docs could not answer. This is the old-school style of documentation - full of diagrams, screen shots and tables supporting step-by-step instructions. The system can be distributed across multiple environments and the results brought together under a single pane of glass using the Event Collector.