Beyondtrust

Retina CS Enterprise Vulnerability Management Software

Retina delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Enterprise Vulnerability Management Software for Dynamic IT Environments

Retina CS is the only vulnerability management software solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across disparate and heterogeneous infrastructure. Over 10,000 customers worldwide rely on Retina to enable visible, measurable and actionable vulnerability management across their organizations. Retina CS Enterprise Vulnerability Management software enables you to:

  • Discover network, web, mobile, cloud and virtual infrastructure
  • Profile asset configuration and risk potential
  • Pinpoint vulnerabilities, malware and attacks
  • Analyze threat potential and return on remediation
  • Remediate vulnerabilities via integrated patch management (optional)
  • Report on vulnerabilities, compliance, benchmarks, etc.
  • Protect endpoints against client-side attacks
Watch Video: The 5 Keys to Context-Aware Vulnerability Management

Learn about Retina’s 5 Keys to Context-Aware Vulnerability Management

"[Retina's] long history with large deployments and advanced data analysis tools should be a value to enterprises looking to improve their vulnerability management practices."

Gartner 2014 Gartner, Vulnerability and Security Configuration Assessment
Solutions Comparison, Anton Chuvakin, 4.1.2014
ZERO-GAP VULNERABILITY MANAGEMENT FOR DIVERSE IT ENVIRONMENTS
Able to discover and assess any IT resource in your organization, Retina CS offers zero-gap vulnerability management coverage of the largest, most diverse IT environments. Agentless and agent-based scanning protects assets, whether they are connected to your network or not.
RESULTS-DRIVEN REPORTING AND ANALYTICS
With the most powerful reporting and analytics capabilities in its class, Retina CS makes it easy to make smart decisions, communicate risk, and report vulnerability management progress to executives and compliance auditors.
UNMATCHED SCALABILITY AND FLEXIBILITY FOR LARGE ENTERPRISES
Retina’s multi-tier architecture gives you optimal scalability and maximum control over your enterprise vulnerability management processes. It is designed for simple deployment and management of networks with multiple firewalls, IDS/IPS, VLANS and disparate locations.
EXTENSIVE COMPLIANCE COVERAGE
Retina CS simplifies compliance initiatives and reporting for COBIT, GLBA, HIPAA, HITRUST, ISO-27002, ITIL, MASS 201, NERC-FERC, NIST, PCI, SOX, and many more government and industry regulations.
SC MAGAZINE 2014

"Using this console, security professionals and system administrators alike can easily find and analyze weaknesses throughout the entire enterprise infrastructure."

SC MAGAZINE 2014

THE BEST VULNERABILITY MANAGEMENT REPORTING

  • Results-Driven Architecture: Start by specifying what you want to accomplish, such as generating a vulnerability report, a HIPAA compliance report, or an asset delta report.
  • Intelligent Analytics: Run what-if scenarios and team capacity analyses to inform resource allocation decisions.
  • Interactive Results: Home in on data pertaining to a specific audience or goal.
  • 260+ Actionable Reports: Communicate with technical and non-technical audiences.
  • Compliance Reporting: Map vulnerability and configuration audits to COBIT, GLBA, HIPAA, HITRUST, ISO-27002, ITIL, MASS 201, NERC-FERC, NIST, PCI, SOX and more (optional).
  • Advanced Threat Intelligence: Gauge severity based on asset scoring, BeyondTrust malware & exploit research, exploit databases, exploitability indices, CVSS and more.
  • Trending, Deltas, Threat Analyzers and Heat Maps: Share vulnerability management progress with executives, compliance auditors and others.
  • Configuration Benchmarking: Scan against benchmarks including DISA Gold Disk, SCAP, NIST, FDCC, USGCB, CIS and Microsoft®; customize images to match in-house policies; CIS Security Benchmark certified (optional).
  • SLA Compliance Reports: Measure threat severity level against dynamic asset groupings.
  • Pivot Grid Ad-Hoc Reporting: Meet unique business requirements by creating customized reports using virtually any data collected by Retina.
  • Third-Party Integration: Share data with SIEM, GRC, NMS and help desk solutions.

ENTERPRISE VULNERABILITY MANAGEMENT FOR LARGE ENVIRONMENTS

  • Flexible Deployment: Deploy software, appliances and/or virtual machines.
  • N-Tier, Multitenant Architecture: Ensure maximum scalability & gain centralized control.
  • Scalable Scan Engines: Each Retina scan engine can singlehandedly cover a Class-A network.
  • Retina Protection Agent: Local assessment, continuous zero-day monitoring, and intrusion prevention for offline devices.
  • Role-Based Access: Provide permissioned access to view, assess and report on data.
  • Centralized Dashboards: Consolidate and report on enterprise-wide activities.
  • Scanner Pooling: Direct multiple scanners to collaboratively assess large environments.
  • Integrated Data Warehouse: Sort and filter historical data to gain multiple perspectives.
  • Modern User Interface: Interact seamlessly with massive amounts of data.
  • Local and Remote Scanning: Cover segregated, firewalled and disparate infrastructure.
  • Effortless Updates and Upgrades: Expand capabilities through license key updates.

VULNERABILITY MANAGEMENT CAPABILITIES THAT GO BEYOND SCANNING

  • Vulnerability Assessment: Flag vulnerabilities, attacks, and malware by asset for a complete view of a device’s risk.
  • Comprehensive Discovery: Locate known and previously unknown assets across network (local and remote), web, mobile, cloud and virtual environments.
  • Asset Profiling: Gather information including IP, DNS, OS, MAC address, ports, services, software, processes, hardware, event logs and more.
  • Asset Smart Groups: Group, assess, and report on assets by IP range, naming convention, operating system, domain, applications, business function, Active Directory and more.
  • Asset Context Awareness: Evaluate Smart Group value & risk based on collateral damage potential or target distribution, plus confidentiality, integrity and availability requirements.
  • Cloud Scanning: Discover and scan online and offline Amazon®, GoGrid®, IBM®, Rackspace® and VMware® environments.
  • VMware Verified: Scan virtual environments requiring PCI and HIPAA compliance.
  • Patch Management: Remediate vulnerabilities with on-board patch management for Microsoft WSUS and SCCM for Microsoft and third-party applications (optional).
  • Unmatched Reporting: Tap into the included BeyondInsight central data warehouse for targeted reports.
  • User Risk Discovery: Map vulnerability management data to privileged account management data (from BeyondTrust PowerBroker solutions) to reveal user-triggered risks.
  • Scheduling and Alerts: Schedule assessments and configure email alerts.

NETWORK VULNERABILITY ASSESSMENT

  • Assess network devices, operating systems, applications, ports and services against a constantly updated vulnerability database.
  • Identify and manage user privileges (via BeyondTrust PowerBroker solutions).
  • Accurately identify vulnerabilities with a false positive rate below 1%.
  • Perform Class C network scans in fewer than 15 minutes on average.
  • Discover assets across Class A networks via unique scan pooling technology.
  • Get PCI DSS 3.0 scanning and reporting capabilities out of the box.
  • Receive updates within 48 hours of new critical vulnerabilities.

CLOUD VULNERABILITY ASSESSMENT

  • Determine which instances are running, when they move, and how they behave when they interact with your environment – even when powered off.
  • Track virtual machines by instance ID, rather than host name or IP, to properly determine state of the virtual machine.
  • Amazon AWS, IBM SmartCloud, GoGrid, Rackspace, and VMware vCenter connectors are available.

Virtual Environment SCANNING

  • Assess VMware ThinApp applications for vulnerabilities.
  • Power-on and reconfigure VMware offline images for assessment.
  • Optional vSphere plug-in for managing scans directly from the vSphere Windows Client

WEB APPLICATION VULNERABILITY ASSESSMENT

  • Conduct automated vulnerability assessment and web crawling with no scripting required.
  • Detect OWASP Top Ten vulnerabilities including SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, OS Command Injection, and more.
  • Standard web application scanning for meeting PCI DSS 3.0 requirements is fully integrated with no additional licensing needed.
  • Expand OWASP coverage and auditing capabilities with optional Web Essentials Module.
  • » Compare web application assessment capabilities across the Retina family of solutions.

MOBILE DEVICE SCANNING

  • Identify mobile devices connecting to your network and mail system.
  • Conduct agent-based and agentless vulnerability assessments.
  • Ensure devices are in compliance with PCI, HIPAA and other regulations.
  • Android, Blackberry Enterprise Server, and MS Exchange ActiveSync connectors are available.

Endpoint Protection and Local Assessment

  • Get local vulnerability assessment, zero-day monitoring, and intrusion prevention with the Retina Protection Agent

Datasheet

Retina CS Enterprise Vulnerability Management

Retina CS Enterprise Vulnerability Management

BeyondTrust Retina CS is the only vulnerability management solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-driven architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud and virtual infrastructure.

Documentation

Retina 5.20 New and Updated Features

Retina 5.20 New and Updated Features

Both Retina Network Security Scanner and Retina CS Enterprise Vulnerability Management benefit from the v5.20 updates, which offer expanded scanning coverage for virtual, web and network environments. As a result, IT and security leaders gain the visibility they need to better understand and mitigate the data breach risks facing their organizations.

White Paper

Retina CS Manifesto

Retina CS Vulnerability Management Manifesto

Most vulnerability management solutions do little to help security leaders put vulnerability and risk information in the context of business. Saddled with volumes of rigid data and static reports, the security team is left to manually discern real threats and determine how to act upon them. At BeyondTrust, we believe that security professionals deserve more from their vulnerability management solutions.

Datasheet

Retina CS Reporting

Retina CS Reporting

Retina CS provides results-driven reporting and analytics capabilities that bring risk into focus enterprise-wide. Through Retina’s intuitive dashboard interface, you simply indicate the type of information you need, such as an SLA report or a HIPAA compliance report, and define the business context of your assets. Retina then delivers targeted, relevant and actionable vulnerability data in a wide variety of formats.

Datasheet

Retina CS Appliance

Retina CS Appliance

Retina CS Appliance includes all standard Retina CS software capabilities, plus integrated patching for end-to-end vulnerability management and remediation. Everything is pre-installed, configured and tuned on a powerful Windows server, enabling you to get up and running in a matter of minutes.

Datasheet

Retina CS Modules

Retina CS Modules

By adding Retina Patch Management, Configuration Compliance and Regulatory Reporting modules to Retina CS, you not only gain a more holistic view of your enterprise security posture, but also significantly improve the efficiency of your vulnerability management program.

Introducing Retina v5.20: Expanded Vulnerability Assessment Coverage for Zero-Gap Visibility

11/4/2014

Today, we’re excited to announce new releases of both our Retina vulnerability assessment technology and the BeyondInsight risk management platform. Here’s a brief overview of what’s new in Retina. Retina v5.20 is an update to the vulnerability assessment engine that drives Retina Network Security Scanner and Retina CS Enterprise Vulnerability Management. The release extends Retina’s... more

Keeping Track of Shellshock Vulnerabilities with Retina CS and BeyondInsight

10/2/2014

Worried about BASH Shellshock? Retina CS Enterprise Vulnerability Management can scan your environment to identify applications affected by Shellshock. BeyondTrust has generated several Retina vulnerability audits to help our customers identify the various permutations of applications affected by Shellshock. The BeyondInsight Analytics and Reporting engine, included with Retina CS, makes it simple to view and... more

Where Passive Scanning Falls Short

7/11/2014

In many sports, as in business, teams will promote a strategy to gain an edge – even if the concept is possibly flawed. Consider an American football hurry-up offense: will it cause the defense to stumble, or will it just exhaust the offense? The play has potential pros and cons, and many strategic technologies are... more

Tidings from the Year 2036: The Search for Relevant Security Data

6/24/2014

A few years ago, I wrote a blog post about finding personal information online. I recently Googled myself again to see who knows what about me. I expected to find some posts and papers I’ve written, and maybe some of my contact details. Instead, the majority of the first-page results associate my name with a... more

Identifying Android Phone Vulnerabilities that Threaten Your Corporate Network

5/20/2014

According to a recent McKinsey survey, more than 80% of employees now use personal smartphones for work-related purposes. Vulnerable smartphones can spread malware to business infrastructure via emailed attachments and to corporate networks through bots. Assessing mobile devices for vulnerabilities that could lead to infections and data manipulation is therefore a real concern for data... more

BeyondTrust Receives 5 Star Rating from SC Magazine

2/4/2014

Recently our UVM20 Security Management Appliance received a perfect 5-star review + “Best Buy” recognition from SC Magazine. Read the full review here. The UVM20 includes several pre-installed and pre-configured solutions: Retina Network Security Scanner, PowerBroker for UNIX/Linux, and PowerBroker for Windows, plus our patch management, regulatory reporting and configuration compliance modules — in addition... more

Retina Performs Continuous Vulnerability Assessment

1/28/2014

SANS Critical Control 4 specifies criteria for continuous vulnerability assessment and remediation. This specification calls for vulnerabilities to be continuously assessed, correlated, and reported upon in real-time based on public disclosure and identification of new or changed assets. Critical Control 4 is mandated by many government agencies, and requires prompt automated remediation that adheres to... more

Building Automated Vulnerability Audit Groups

9/20/2013

From time to time, the field engineering team and I see the same request cross our desks in a short period of time. This time it was how to remove certain types of audits from running when performing a vulnerability scan originating from Retina CS. The old way of doing things would have required the... more

Top 5 Tips and Tricks for Retina CS 4.5

8/8/2013

I honestly believe we have the best pre-sales, post sales, and technical support departments in the security industry. They are responsive, technical, and can customize BeyondTrust solutions to match individual business requirements, even when they are pretty comprehensive outside-of-the-box. Based on their work, we have an internal process and external knowledge base to document these... more

Controlling User Accounts and Regulatory Compliance

7/15/2013

PCI DSS Requirement 8 requires that organizations must be able to identify and log all user and administrative access to information systems and applications containing credit card and personally identifiable information. In addition, environments must also have a unique ID for every individual that will have computer access to these systems.  This simple requirement can... more

See all Retina CS blog posts

VMware Plug-in for Retina

The industry's first and only vulnerability management solution directly integrated into vCenter.

DATASHEET VMWARE SURVEY Watch Video

Retina CS Enterprise Vulnerability Management

Delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Cofiguration Compliance Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Patch Management Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina CS Enterprise Vulnerability Management

The Regulatory Reporting Module can be purchased as an add-on to Retina CS, which delivers large-scale, cross-platform vulnerability assessment and remediation.

Learn More Request a Free Trial

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

Learn More Request a Free Trial

Retina Web Security Scanner

Rapidly and accurately scan large, complex web sites and web applications to tackle web-based vulnerabilities including cross-site scripting (XSS) and SQL injection.

Learn More Request a Free Trial

PowerBroker Event Vault

Automate and streamline the collection and management of standard Windows event log data and provide scalable and flexible centralized storage in the PowerBroker event database.

Learn More Request a Free Trial

PowerBroker Identity Services

Quickly and easily integrate your Linux and UNIX servers into your Active Directory infrastructure.

Learn More Request a Free Trial

PowerBroker Identity Services Open Edition

Available as a free and open source version of PowerBroker Identity Services, giving you the access and flexibility to tailor your Active Directory bridging project

Download Now

PowerBroker UNIX & Linux

Quickly and easily manage root access on UNIX and Linux servers, without ever disclosing the system password.

Learn More Request a Free Trial

PowerBroker for Windows

Implement least privilege for your Windows desktop environment, reducing attack surface and driving down costs.

Learn More Request a Free Trial

PowerBroker Auditor
for Active Directory

Track unauthorized changes to Active Directory and Group Policy configurations.

Learn More Request a Free Trial

PowerBroker Auditor
for Exchange

Tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log.

Learn More Request a Free Trial

PowerBroker Auditor
for File System

Enables tighter security and control over file system resources, including real-time tracking, interactive analysis, and flexible reporting on all key share, file, and folder changes.

Learn More Request a Free Trial

PowerBroker Auditor
for SQL Server

Monitor and review privileged user changes on SQL servers. Easily map your SQL activities with regulatory mandates such as GLBA, SOX, HIPAA, and PCI through consistent auditing and reporting.

Learn More Request a Free Trial

PowerBroker Privilege Explorer

Provides a centralized view of access and privileges, so you can be sure that users have access to the resources they need to do their jobs, and only those resources.

Learn More Request a Free Trial

PowerBroker Endpoint Protection Platform

Formerly known as "Blink", multi-layered security and attack prevention for windows desktops and servers.

Learn More Request a Free Trial

PowerBroker Recovery
for Active Directory

Advanced continuous data protection for Active Directory, providing unparalleled visibility and change control.

Learn More Request a Free Trial

PowerBroker Password Safe

Automate Password Management for Increased Security across your entire dynamic infrastructure.

Learn More Request a Free Trial

PowerBroker Servers Enterprise

Combine the power of our UNIX/Linux root delegation and our AD bridging for an enterprise approach to server compliance

Learn More Request a Free Trial

BeyondSaaS

A cloud-based, external vulnerability assessment solution that conducts fast, affordable security assessments of your public-facing network infrastructure and web applications.

Learn More Request a Free Trial

BeyondInsight

Merge privileged account management and vulnerability management solutions into a single, contextual lens through which to view and address user and asset risk.

Learn More Request a Free Trial

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.

Learn More

Configuration Compliance Module

This Retina CS add-on module defines and manages security policies to monitor compliance with industry and internally developed benchmarks such as Microsoft, NIST, USBCG, and DISA STIGs.

Learn More

Patch Management Module

This Retina CS add-on module seamlessly integrated, automated, agentless Windows patch management closes the loop on unpatched vulnerabilities.

Learn More

Regulatory Reporting Module

This Retina CS add-on module contains automated solutions to help navigate complex corporate policies, government regulations, and industry standards such as SOX, PCI, FISMA, and ISO.

Learn More
Compare Retina Products

Compare Retina Products

The Retina family of products offers many levels of protection and unique features for a variety of needs. Explore this comparison table to find the vulnerability management solution that is right for you.

Compare Retina Products

Retina CS and BeyondInsight

Retina CS is part of the BeyondInsight IT Risk Management Platform, which unifies Retina CS Enterprise Vulnerability Management with available PowerBroker privileged account management solutions. Capabilities include:

  • Centralized solution management and control via common dashboards
  • Asset discovery, profiling and grouping
  • Reporting and analytics
  • Workflow and ticketing
  • Data sharing between Retina and PowerBroker solutions

The result is a fusion of user and asset intelligence that allows IT and security teams to collectively reduce risk across complex environments.

Retina CS Enterprise Vulnerability Management

Vulnerability Management

Identifying, prioritizing, remediating, and mitigating
computer and network vulnerabilities.

Privileged Account Management

Managing user authorization to prevent internal data
breaches and meet compliance regulations.

Fusing
PAM & VM For
Stronger IT Security