» GROUP TEST l Vulnerability assessment
There have been few changes on the vulnerability assessment landscape, but the
ﬁeld is maturing, converging and gaining depth rapidly, says Peter Stephenson.
his was an interesting year The primary difference, strategi- proper network security assess-
for our vulnerability assess- cally, is that network vulnerability ment, one begins with the large
ment Group Test. Last year, assessment tools are converging view and progresses toward the
we separated application vulner- with penetration testing tools to speciﬁc. Two years ago, there were
ability assessment from network provide both capabilities in the no solid combination tools. Last
vulnerability assessment. This year, same tool. This is very important year, we had a couple that got
we grouped them together. This in my view because, properly used, pretty close. This year, we had
revealed a few interesting penetration testing is an extension solid entries that are really single
differences. of vulnerability assessment. In a security assessment tools.
This product is a quick and sim- numerous screen shots and step-by- An excellent
ple install. The installation applica- step instructions.
tion itself is a small executable that The company provides three
launches a short setup wizard. After levels of support options, all with scanner at a good
the setup is complete, management varying support coverage. Standard price. This one
and scanning is done through the support is included with the pur-
Retina application. The interface of
gets our Best Buy.
chase of Retina and provides eight
the application has the feel of Win- hours a day/ﬁve days a week phone
dows Explorer so it is comfortable and email technical support, as well Peter Stephenson
and easy to navigate. Setting up as access to the web knowledge
and conﬁguring scans is also simple base and customer download portal.
Vendor eEye Digital Security and intuitive. This product is also At a price starting at $575 for 32
Price $575 for 32 IPs available as an appliance with the IPs, this product is a great value for
Contact www.eeye.com application already installed. the money for almost any size envi-
Retina provides multiplatform ronment. It provides a lot of great
etina Network Security network discovery and scalable functionality that is easy to use and
Scanner provides multi- vulnerability assessment for any manage, all at a reasonable price.
platform vulnerability size network environment. This
management. Retina identiﬁes product can discover network
known and zero-day vulnerabilities assets, scan them for vulnerabilities, SC MAGAZINE RATING
and provides secu- give remediation information and Features ★★★★★
rity risk assessment, provide a solid set of reports, along Ease of use ★★★★★
enabling secu- with regulatory compliance stan- Performance ★★★★★
rity best practices, Documentation ★★★★★
dards, such as SOX, HIPAA, GLBA
policy enforcement and PCI. This distributed system
Value for money ★★★★★
and compliance with regulatory can also be controlled with REM,
OVERALL RATING ★★★★★
audits. This product analyzes spe- eEye’s central management console,
Strengths Solid feature set with
ciﬁc pieces of the operating system, to form complete threat manage-
easy-to-use scanning controls.
applications and policies. The tool ment coverage. Weaknesses None that we found.
targets high-risk host components Documentation is provided in Verdict An excellent vulnerability
and how a cybercriminal could the form of two PDF manuals: scanner at a good price. This one
gets our Best Buy.
potentially leverage them for mali- an installation guide and a user
cious activity. guide. Both of these guides contain
SC • May 2009 • www.scmagazineus.com Copyright Haymarket Media, Inc.