Retina™ The Network Security Scanner
Acknowledged as the fastest security scanner on the market today, Retina is designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet, and extranet environments. The product's patented technology eclipses the capabilities of the past generation of security scanners and employs a unique artificial intelligence engine that allows the product to think like a hacker or network security analyst attempting to penetrate your network.
Retina is a best-of-breed scanner supported by powerful features that are attractive to the network administrator and the security consultant alike. eEye has committed to making Retina the most feature-rich scanner on the market and actively solicits and incorporates client feedback and requests.
Breadth of Systems and Services Audited
Retina includes vulnerability auditing modules for many systems and services. These include: NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, Users and Accounts, password vulnerabilities, publishing extensions, and more.
Retina runs on the Windows NT platform, but is designed to scan multiple platforms and systems. Retina scans many operating systems, including most Unix operating systems (Solaris, Linux, *BSD etc...) and networked devices (routers, firewalls etc...) that run home grown operating systems.
CHAM (Common Hacking Attack Methods)
This groundbreaking feature is the first of its kind. CHAM employs AI technology in order to simulate the thought process of a hacker or security analyst in finding holes in networks and software packages.
CHAM enables Retina to go beyond looking for known vulnerabilities. By simulating the approach and thought process of a hacker, CHAM is able to identify unknown vulnerabilities in networks. Set it loose on your Web server, or on custom application being developed by your engineers. eEye uses CHAM in its own vulnerability research efforts and has been invaluable in enhancing its capabilities in releasing many such advisories.
Retina is the first and only commercial scanner to license and incorporate the NMAP Fingerprint Database -- the most complete database of OS TCP/IP stack fingerprints available. This allows Retina to perform remote operating system detection for smarter scanning.
Retina is absolutely thorough when it comes to scanning your network. When running a scan, Retina does not make assumptions about typical protocols running behind certain ports. It analyzes specific input/output data on a port to determine what protocol and service is actually running in case of custom or unconventional machine setup.
Retina is built with an open architecture that provides the administrator the opportunity to develop vulnerabilities, tests, and auditing modules tailored to an organization's precise requirements. A documented set of APIs is provided for custom audit development without limiting the developer to specific programming languages.
Retina provides the user with total flexibility on which audits to perform. Using the Policies wizard, users may select specifically which ports they wish to audit. The flexibility of turning on and off any of the policies run by Retina gives the administrator flexible control over the breadth and depth of scans.
Click for screen shot
Produce fully documented network audit reports based on Retina's security scans. Smart Reporting allows the network administrator to access, read and print these real-time security test results with ease. Two options are available for reporting: the Technical Report with intricate detail to satisfy IT personnel, and the Executive Report for high-level management summaries. The reports may also be "white labeled" with the client's logo and contact information.
Click for screen shot
Graphical User Interface
Retina was created with a simple-to-navigate graphical user interface. This interface can easily be used to control all aspects of scanning and reporting features within Retina.
Click for screen shot
This distinct feature allows the network administrator to automatically correct common system security issues including registry settings, file permissions, and more. This component can also work remotely across a vast network, affording the network administrator the freedom and flexibility to operate from a single location.
Click for screen shot
Retina has an auto-update feature that provides continuous updates for its modules using an Internet connection. This feature will allow the network administrator to update Retina's modules on a regular basis, thus keeping pace with the latest vulnerabilities.
Did you know that firewalls and intrusion detection systems do not provide 100% protection against hackers? These tools are reactive in nature: they only protect you when someone is actually trying to hack into your network. What you also need is a product that proactively helps you secure your network.
Retina was designed by eEye Digital Security to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet, and extranet environments.
The product's patented technology eclipses the capabilities of the past generation of security scanners and employs a unique artificial intelligence engine that allows the product to think like a hacker or network security analyst attempting to penetrate your network.
Retina is a best-of-breed scanner supported by powerful features that are attractive to the network administrator and the security consultant alike. eEye has committed to making Retina the most feature-rich scanner available in the market today.
Retina is considered to be one of the top scanners in the market. Whenever Retina is compared head to head, it has frequently won the comparison based on the following factors:
Retina is extremely fast. It can scan a class-c network in less than 12 minutes
Common hacking attack methods is artificial intelligence that allows Retina to go beyond scanning for a database of known vulnerabilities. It actually simulates the approach of hacker to break into a system in order to uncover unknown vulnerabilities in systems, and particularly custom software and configurations.
Retina is the first and only scanner that incorporates the NMAP Fingerprint Database (NMAP is a very popular shareware scanning utility). This allows Retina to have superior OS detection, particularly for remote scans. eEye was actually the first company to port NMAP to the NT platform.
Retina incorporates a set of API's that allow the client to build custom scans in his/her preferred programming language and integrate them into Retina. Retina also has a "wizard" that walks the client through building a custom scan to simplify the process of integration.
Custom and Smart reporting
Retina generates comprehensive reports of the scans it runs. Clients have full control over customizing these reports, including the incorporation of their own logos and text in the header and footer. In addition, Retina incorporates smart reporting whereby reports are automatically generated to reflect the severity of the vulnerabilities discovered.
Breadth of systems scanned
Retina runs on the Windows NT/XP platform, but unlike its peers, it is not limited to only scanning Windows NT/XP networks for vulnerabilities. In fact Retina has the ability to scan all types of operating systems, including most Unix operating systems (Solaris, Linux, *BSD etc...) and networked devices (routers, firewalls etc...) that run home grown operating systems.
Retina’s Fix-It feature
Retina’s Policies feature
Main Retina interface after a complete scan
Main retina interface showing other scan result options
Retina scan in progress
Retina™ - Network Security Scanner
Retina Complete Sample Report
Retina CHAM™ (Common Hacking Attack Methods)
eEye Digital Security information papers about security - highly recommended reading!
Commonly asked questions
Q: Why is vulnerability scanning important?
A: Vulnerability scanning is an important part of a Web site's overall security because traditional security measures such as firewalls and intrusion detection systems are not enough. Retina, the Network Security Scanner, scans, monitors, alerts, and automatically fixes network security vulnerabilities, and allows IT managers to ensure that their systems are not vulnerable to the latest attacks.
Q: What is the difference between an IDS (Intrusion Detection System) and a
Q: vulnerability scanner?
A: If you were comparing securing a network to securing a home, an Intrusion Detection System would be the burglar alarm. An IDS is triggered when someone attempts to enter your network. A vulnerability scanner, on the other hand, is like the home security consultant. Its role is to proactively examine the home, or network, looking for vulnerabilities including various entry points, the integrity of the firewalls and IDS systems and so on.
Q: I have a firewall in place. Do I still need to run vulnerability scans on my network?
A: Yes. Most hacks nowadays are done through existing firewalls. In addition, 70%-80% of hacks are done internally, or with the help of someone on the inside. A network scan with Retina detects both internal and external penetration vulnerabilities and helps you patch them.
Q: Does Retina scan machines running UNIX?
A: Yes. It includes scans of most Unix operating systems (Solaris, Linux, *BSD etc...) In other words Retina is capable of scanning UNIX stations but can only be installed on Windows NT 4.0 / Service Pack 3.0 or higher or Windows 2000.
Q: What is the "Fix it" feature? And can you schedule Retina to run scans at a
Q: specific time?
A: "Fix it" is an easy method to correct common problems with Windows NT and 2000 Systems that would normally require a manual Registry Edit. Clicking on Auto-Fix will make the required Registry changes for you, automatically. Retina can run scheduled scans at a pre-determined frequency so you can specify the exact time for the scans.
Q: Can Retina run a scan on a machine across the Internet? What types of reports does
Q: Retina generate?
A: Yes, Retina includes features to compensate for variables such as network latency when running scans across the Internet. Regarding reporting, two options are available for reporting. The Technical Report contains the intricate details to satisfy IT personnel, and we have the Executive Report for high-level management summaries.
Q: What are Common Hacking Attack Method (CHAM) Modules?
A: CHAM Modules are a feature in Retina that attempt to exploit or overflow RFC compliant commands on various services such as SMTP. CHAM Modules can be used to find unknown vulnerabilities in the following services: HTTP, FTP, SMTP, and POP3
Q: Does Retina rely on a database of vulnerabilities? How can I update the database?
Q: and how often is the database updated?
A: Yes, Retina relies on a comprehensive database of known vulnerabilities. eEye is constantly monitoring and contributing to ongoing discoveries and dissemination of security vulnerabilities in networks. eEye updates the Retina database on a weekly basis, and sometimes with more frequency if critical vulnerabilities are published in the interim. The product maintenance allows you to use the Auto Update feature in Retina to download the latest vulnerability checks from eEye as long as your maintenance is up to date.
Q: I only run a small network. Do I still need Retina?
A: With the advent of "script kiddies" (hackers who run massive scans of sites in search of vulnerable networks), hacking attacks are not only more frequent, but also no longer exclusive to big name organizations.
Q: Our network is extremely complex and we have to run our own custom audits on top
Q: of yours. Can Retina integrate our audits?
A: Yes, you will be able to integrate your owns scripts into the open API area of Retina, and thus monitor all vulnerabilities from one screen. Retina also has a custom audit “Wizard” feature that simplifies the process of building custom scripts and getting them integrated with the product.
OS Platform Supported
Windows 2000 Server
Windows 2000 Professional
Windows NT4 Server (SP3 or higher)
Windows NT4 Workstation (SP3 or higher)
Internet Explorer Version 4.01 or higher
32 MB of memory
16 MB of free disk space
Internet connection (optional for remote scanning)