REVIEW: eEye's Retina CS Is the Management Console the Blink Agent Always Deserved
eEye Digital Security raises the standard in enterprise endpoint protection with a management console that could almost be called next generation. The chic new GUI, called Retina CS, allows the top-notch Blink client agent to be managed quickly and easily in large enterprise environments.
Blink has a large installed base, and I've been impressed with it in tests, but I have been frustrated time and time again with the clumsy (although full-featured) REM management console. My exclusive first look at Retina CS 1.0.0, which achieved GA status in December, shows that Blink now has the management console it has always deserved.
Retina CS for vulnerability management starts at $10,000 for 256 devices. Retina CS for endpoint protection starts at $2,500 for 25 devices. I tested Retina CS with both vulnerability management and endpoint protection.
I quickly and easily installed Retina CS on a Lenovo RD120 server with dual Intel Xeon E5430 2.66MHz CPUs, 4GB of RAM and two 250GB SATA hard drives configured for RAID 0.
The prerequisites for Retina CS are pretty important. The management console can't be installed on a domain controller, and Blink agents are best managed within Active Directory. If your organization already has Blink agents installed on workstations, then the agents will have to be upgraded to Version 4.5.1 to be compatible with Retina CS.
Security administrators accustomed to REM's ugly, clumsy HTML tables and drop-down boxes will be as shocked as I was to see Retina CS' Adobe Flash-based interface with auto-zooming charts and menus that flew out from asset names when I hovered my mouse over them. After spending a few hours deploying agents, running scans and sifting through reports, I really began to appreciate the elegance of the interface. After orienting myself, I found I could assess the total health of my endpoints-vulnerabilities, attacks, viruses, spyware and malware-and drill down into specific assets and asset groups for immediate scans, reports and remediation.
I'm not saying that the management GUI is perfect. There are some wacky incongruities. For example, about 90 percent of the options for configuring the Blink agent are buried under Misc. Options. That puts important settings such as scan archived files and auto-update options for agents four levels deep within the Policy Editor. Yet, once there, I found helpful sliders and drop-down boxes (instead of empty text boxes) that let me, for example, set quick scan decompression depth and the day for a weekly scan.
Retina CS provides a complete Web-based help system of step-by-step instructions that is much more informative and easier to navigate than most enterprise software products, but falls short when compared with the rest of the management interface. Where are the video demonstrations and educational lectures? More and more products, including IBM Rational AppScan, offer these types of rich multimedia help elements. The early build of Retina CS that I reviewed did have placeholders for links to more information online, so the pieces are in place for eEye to further enhance the help.
Retina CS reports are informative and easy to understand. (I was a little confused, however, when I had to go to Scan to generate a report and to Reports to read the reports.)
Once generated, reports are organized like tiles, and grouped by vulnerability, attack or asset. Reports are extremely easy to customize because everything is drag and drop. For example, by simply dragging and dropping elements, I could audit only servers or Windows servers, or fill in a box with some custom text and place it on a cover page.
Retina CS supports multiple different group and user accounts, as well as what these accounts can see and do with the management console. I easily established a new group called Level One, assigned minimal access to a few required management tasks, and locked the group down so it could be logged into only from my LAN. This kind of granularity goes a long way in an enterprise, where management of events, assets, workstations, servers and many other specific tasks might be split over various groups.
I truly enjoyed the eye-opening experience of using a completely Flash-based management console for Blink. Some organizations may not want to run Adobe Flash because they don't want to expose themselves to yet another application's vulnerabilities, and others might find this type of next-generation GUI disconcerting.
However, as the Web has gone from text and tables to Flash, so will enterprise management software. Retina CS is just there a little bit earlier than anyone else. Don't be surprised to see market leaders such as McAfee, Symantec and Sophos follow eEye's example.
Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting firm in New York.