eEye Digital Security raises the standard in enterprise endpoint protection
with a management console that could almost be called next generation. The chic
new GUI, called Retina CS, allows the top-notch Blink client agent to be
managed quickly and easily in large enterprise environments.
Blink has a large installed base, and I've been impressed with it in tests,
but I have been frustrated time and time again with the clumsy (although
full-featured) REM management console. My
exclusive first look at Retina CS 1.0.0, which achieved GA status in December,
shows that Blink now has the management console it has always deserved.
Retina CS for vulnerability management starts at $10,000 for 256 devices.
Retina CS for endpoint protection starts at $2,500 for 25 devices. I tested
Retina CS with both vulnerability management and endpoint protection.
I quickly and easily installed Retina CS on a Lenovo RD120 server with dual Intel
Xeon E5430 2.66MHz CPUs, 4GB of RAM and two 250GB SATA hard drives configured
for RAID 0.
The prerequisites for Retina CS are pretty important. The management console
can't be installed on a domain controller, and Blink agents are best managed
within Active Directory. If your organization already has Blink agents
installed on workstations, then the agents will have to be upgraded to Version
4.5.1 to be compatible with Retina CS.
Security administrators accustomed to REM's
ugly, clumsy HTML tables and drop-down boxes will be as shocked as I was to see
Retina CS' Adobe Flash-based interface with auto-zooming charts and menus that
flew out from asset names when I hovered my mouse over them. After
spending a few hours deploying agents, running scans and sifting through
reports, I really began to appreciate the elegance of the interface. After orienting
myself, I found I could assess the total health of my endpoints—vulnerabilities,
attacks, viruses, spyware and malware—and drill down into specific assets and
asset groups for immediate scans, reports and remediation.
I'm not saying that the management GUI is perfect. There are some wacky
incongruities. For example, about 90 percent of the options for configuring the
Blink agent are buried under Misc. Options. That puts important settings such
as scan archived files and auto-update options for agents four levels deep
within the Policy Editor. Yet, once there, I found helpful sliders and
drop-down boxes (instead of empty text boxes) that let me, for example, set
quick scan decompression depth and the day for a weekly scan.
Retina CS provides a complete Web-based help system of step-by-step
instructions that is much more informative and easier to navigate than those of
most enterprise software products, but it falls short when compared with the rest of
the management interface. Where are the video demonstrations and educational
lectures? More and more products, including IBM
Rational AppScan, offer these types of rich multimedia help elements. The early
build of Retina CS that I reviewed did have placeholders for links to more
information online, so the pieces are in place for eEye to further enhance the
help.
Reporting
Retina CS reports are informative and easy to understand. (I was a little
confused, however, when I had to go to Scan to generate a report and to Reports
to read the reports.)
Once generated, reports are organized like tiles, and grouped by
vulnerability, attack or asset. Reports are extremely easy to customize because
everything is drag and drop. For example, by simply dragging and dropping
elements, I could audit only servers or Windows servers, or fill in a box with
some custom text and place it on a cover page.
Retina CS supports multiple group and user accounts, as well as control over
what these accounts can see and do with the management console. I easily
established a new group called Level One, assigned minimal access to a few
required management tasks, and locked the group down so it could be logged into
only from my LAN. This kind of granularity
goes a long way in an enterprise, where management of events, assets,
workstations, servers and many other specific tasks might be split over various
groups.
I truly enjoyed the eye-opening experience of using a completely Flash-based
management console for Blink. Some organizations may not want to run Adobe
Flash because they don't want to expose themselves to yet another application's
vulnerabilities, and others might find this type of next-generation GUI
disconcerting.
However, as the Web has gone from text and tables to Flash, so will
enterprise management software. Retina CS is just there a little bit earlier
than anyone else. Don't be surprised to see market leaders such as McAfee,
Symantec and Sophos follow eEye's example.
Matthew D. Sarrel is executive director of Sarrel
Group, an IT test lab, editorial services and consulting firm
in New York.