Retina Network Security Scanner Technical Overview

Integrated Network, Database and Virtual Vulnerability Assessment

BeyondTrust® Retina® Network Security Scanner is the most sophisticated vulnerability assessment solution on the market. Available as a standalone application or as part of the Retina CS enterprise vulnerability management solution, Retina Network Security Scanner enables you to efficiently identify IT exposures and prioritize remediation enterprise-wide.

Discover all network (local and remote), database, virtual and IoT assets in your environment

• Reveal at-risk personally identifiable information (PII) and other sensitive data
• Identify system, application, database, OS and web application vulnerabilities via agent-based and/or agentless scanning
• Assess risk and prioritize remediation based on exploitability (Core Impact®, Metasploit®, Exploitdb, CANVAS), CVSS v3, CWE and other factors
• Automatically selects the credentials with the highest level of privileges on each scan target when multiple scan credentials are provided.
• Confirm exploitability through penetration testing, with one click to the Metasploit Framework
• Report progress and results to management, compliance, audit, risk and other roles
• Analyze threats and gain security intelligence through the optional Retina CS vulnerability management console
• Share data with solutions for SIEM, GRC and other security management platforms

NETWORK SYSTEMS

• Assess network devices, operating systems, applications, ports and services against a vast, constantly updated vulnerability database
• Identify vulnerable IoT devices, and safely check them for default and hard-coded credentials used with Telnet, SSH, or Basic HTTP Authentication
• Accurately identify vulnerabilities with a false positive rate below 1%
• Perform Class C network scans in under 15 minutes on average
• Leverage ICMP, registry, NetBIOS, and the Nmap signature database, as well as proprietary OS fingerprinting capabilities
• Audit Windows devices using local or domain credentials
• Perform local assessments of Cisco®, Linux, Unix® and other devices via SSH tunneling
• Adjust scans for custom machine configurations, ports and applications via automated input/output data reconciliation on each port
• Support SCAP-compliant, continuous vulnerability and configuration monitoring per DIACAP, FISMA, STIG, FDCC and USGCB guidelines
• Get PCI DSS 3.0 scanning and reporting capabilities out of the box
• Achieve complete vulnerability and configuration scanning across IPv4 and IPv6 networks
• Simplify ad-hoc scanning with single use target types entered as IP address, IP ranges, CIDR, named host or a combination of any of those types

WEB APPLICATIONS

• Conduct automated vulnerability assessment and web crawling with no scripting required
• Detect OWASP Top Ten vulnerabilities including SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, OS Command Injection and more
• Fully integrated into the Retina assessment engine
• Retina provides the user interface for launching web scans and displaying a Web
• Assessment Report that contains findings from those scans

DATABASES

• Scan Oracle®, Microsoft SQL Server® and MySQL databases for security exposures

VIRTUAL ENVIRONMENTS

• Conduct VMware vCenter® scans with detailed risk intelligence for ESXi and virtual machines
• Scan online & offline virtual images, plus virtualized application templates (ThinApp® packages)
• Schedule scans to automatically update the vCenter console with centralized compliance and risk information
• Stay updated on new vulnerabilities that could impact the hyper-visor and virtual machines

This video is about Retina Network Security Scanner Technical Overview that will give you more information regarding this product.

For those who can not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently run a Retina Network Security Scanner what’s new session cover what new for new user and existing users.

If you have any inquiry or questions, feel free to contact E-SPIN for solution, product and project requirements.