Installation and Usage
Installing Retina is pretty straightforward. The application comes in a single executable with a wizard-driven installer. After a few basic questions, Retina was installed and I was ready to use it. When first opened, Retina NSS took a few minutes to load its large vulnerability database. Subsequent loads of Retina were much quicker.
Typically, a user starts with host discovery. Retina includes a nice, easy-to-use host discovery tool. Input a range of IP addresses and Retina will scan your network for hosts (Figure 1). The nice thing is that you can have Retina perform subsequent discovery scans on a scheduled basis.
After discovering hosts, you can move on to the Audit tab in the Retina interface. The Audit tab lets you set up scans for individual computers or groups of computers. You can also specify which ports to scan and which Audits to perform. As with host discovery, you can also set up scheduled scans. Once you begin the scan, the results are updated in real time on the same screen. It’s a nice layout for those who want immediate feedback – not only do you see that the scan is running, you see the results of the audit as well (Figure 2).
After the scan completes, users move on to the Remediate tab. This allows you to easily generate a report stating a recommended remediation plan based on the priority of the vulnerabilities found along with the number of hosts affected (Figure 3). Although I wasn’t able to test this feature, Retina also gives you instructions on how to fix specific vulnerabilities and in some cases can remotely correct security issues such as registry settings and file permissions using Retina’s “Fix-It” function.
The last tab in Retina is for reporting. I liked that Retina gives you several options and filters for creating custom reports. You can create high-level executive summaries (Figure 4), Summary reports, reports of vulnerabilities found and PCI reports. I was surprised to find that you can’t schedule reports like you can with host discovery and auditing. It would have been nice to have a report automatically sent to a user after an audit scan completes, but this is a minor quibble.