RETINA Network Security Scanner
eEye Digital Security
Very detailed analysis and very fast with an attractive admin console.
It is hard to tell if the AI employed in CHAM has the ability to thoroughly test the system.
RETINA allows the security administrator to have on hand a 24-hour automated security consultant and penetration tester.
One thing that cannot be overlooked in network security is the ability to test weaknesses like a hacker. The RETINA Network Security Scanner is one such tool - and probably one of the fastest ones on the block.
This is not a traditional intrusion prevention system as such, as it tests network nodes for known vulnerabilities and weaknesses. Rather, it is a bit like an automated security consultant.
Installing the application was very quick and we had it running a scan in next to no time. But before it ran anything, it updated its signature file of known exploits from the internet, allowing us to seek out problems in our test network.
The console is very clean looking and has the appearance of an internet browser. It was very easy to navigate through it and configure how the software will run. The initial screen features four options called modules: browser, miner, scanner and tracer.
Of these, the scanner module is probably the most important, scanning machines both on the local network and over the internet. Even a machine with all the latest patches applied showed some vulnerabilities, in part due to poor configuration.
One way that this tool differs from so many others on the market is in the use of a technique called common hacking attack method (CHAM). This is a piece of artificial intelligence that imitates how a hacker would attack a network, and report on what it finds. While RETINA runs most of its scans in a 'non-intrusive' mode, so as not to disrupt systems, in CHAM mode the application performs numerous hacking attempts on the most popular protocols such as HTTP, FTP, POP3 and SMTP. But it is very uncertain if the artificial intelligence can truly mimic the behavior of a hacker or script kiddie.
After analysis, the findings are presented in a report that lists the vulnerabilities found in the target system. The report was very detailed and professional-looking, and gave details of how the defects could be patched up.
On the whole this product is not an intrusion prevention system in the truest sense of the word. But if used on a system to spot flaws early on it can prevent the attacks from ever happening.