Retina CS Enterprise Vulnerability Management

Retina CS

Enterprise Vulnerability Management

Retina CS delivers large-scale, cross-platform vulnerability assessment and remediation, with available configuration compliance, patch management and compliance reporting.

Enterprise Vulnerability Management Software for Dynamic IT Environments

Retina CS is the only vulnerability management software solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-oriented architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across disparate and heterogeneous infrastructure. Over 10,000 customers worldwide rely on Retina to enable visible, measurable and actionable vulnerability management across their organizations. Retina CS Enterprise Vulnerability Management software enables you to:

  • Discover network, web, mobile, cloud, virtual, Docker images and IoT infrastructure
  • Profile asset configuration and risk potential
  • Pinpoint vulnerabilities, malware and attacks
  • Analyze threat potential and return on remediation
  • Remediate vulnerabilities via integrated patch management (optional)
  • Report on vulnerabilities, compliance, benchmarks, etc.
  • Protect endpoints against client-side attacks
  • Make more informed privilege decisions
Zero-Gap Vulnerability Management for Diverse Infrastructure

Zero-Gap Vulnerability Management for Diverse Infrastructure

Able to discover and assess any IT resource in your organization, Retina CS offers zero-gap vulnerability management coverage of the largest, most diverse IT environments. Agentless and agent-based scanning protects assets, whether they are connected to your network or not.

Unmatched Scalability and Flexibility for Large Enterprises

Unmatched Scalability and Flexibility for Large Enterprises

Retina’s multi-tier architecture gives you optimal scalability and maximum control over your enterprise vulnerability management processes. It is designed for simple deployment and management of networks with multiple firewalls, IDS/IPS, VLANS and disparate locations.

Results-Driven Reporting and Analytics

Results-Driven Reporting and Analytics

With the most powerful reporting and analytics capabilities in its class, Retina CS makes it easy to make smart decisions, communicate risk, and report vulnerability management progress to executives and compliance auditors.

Extensive Compliance Coverage

Extensive Compliance Coverage

The Regulatory Reporting Module simplifies compliance reporting for COBIT, GLBA, HIPAA, HITRUST, ISO-27002, ITIL, MASS 201, NERC-FERC, NIST, PCI, SOX, and many more government and industry mandates.

Learn More   

Seamless Patch Management

Seamless Patch Management

The Patch Management Module closes the loop on vulnerabilities with seamless patching for Microsoft and third-party applications. Integrated, automated and agentless, the solution improves the efficiency of your patching process.

Learn More   

Automated Configuration Compliance

Automated Configuration Compliance

The Configuration Compliance Module streamlines auditing and reporting against industry configuration guidelines and best practices from FDCC, NIST, STIGS, USGCB, CIS and Microsoft.

Learn More   

The Largest Ecosystem of Integrated Partner Solutions

The Largest Ecosystem of Integrated Partner Solutions

Out-of-the-box integration with multiple SIEMs and firewalls connects the dots on risk analysis, giving security teams a holistic view of enterprise-wide security and enabling prioritization of the most impactful risks regardless of the source.


Internet of Things (IoT) Vulnerability Scanning

Internet of Things (IoT) Vulnerability Scanning

Retina’s built-in IoT audits enable organizations to Identify the make and model of vulnerable IoT devices, and safely check them for default and hard-coded credentials used with Telnet, SSH, or Basic HTTP Authentication.

Download free Retina IoT Scanner.

Fully Integrated Authenticated Scanning

Fully Integrated Authenticated Scanning

Retrieve credentials with the highest level of privileges through native integration with PowerBroker Password Safe on each scan target when multiple scan credentials are provided. Using Password Safe in conjunction with Retina eliminates the concern of internally sharing highly-privileged credentials, or having static, never-changing, scan credentials.

Make Better Privilege Decisions with Vulnerability Insights

Make Better Privilege Decisions with Vulnerability Insights

Leverage patented technology to automatically scan applications for vulnerabilities at run time to better inform IT and security teams on privileged access, enforce quarantine, reduce application privileges, or prevent the launch of applications altogether based on policy.

Flexible Deployment Options

Flexible Deployment Options

BeyondTrust solutions can be deployed on premise via software or hardware appliance, or hosted in the cloud through services including Amazon Web Services and Azure Marketplace.

Common Criteria Certified

Common Criteria Certified

Common Criteria is an internationally recognized set of guidelines created to insure a high and consistent standard for evaluating information security products. You can have confidence in the security of the products that have earned this certification through extensive independent lab evaluations, and avoid the cost and complexity of additional testing. Retina CS has earned Common Criteria Certification under an Evaluation Assurance Level (EAL)2+.


Results-Driven Architecture: Start by specifying what you want to accomplish, such as generating a vulnerability report, a HIPAA compliance report, or an asset delta report.

Intelligent Analytics: Run what-if scenarios and team capacity analyses to inform resource allocation decisions.

Interactive Results: Home in on data pertaining to a specific audience or goal.

260+ Actionable Reports: Communicate with technical and non-technical audiences.

Compliance Reporting: Map vulnerability and configuration audits to COBIT, GLBA, HIPAA, HITRUST, ISO-27002, ITIL, MASS 201, NERC-FERC, NIST, PCI, SOX and more (optional).

Advanced Threat Intelligence: Gauge severity based on asset scoring, BeyondTrust malware & exploit research, NSRL, exploit databases, CVSS v2 & v3, CWE and more.

Trending, Deltas, Threat Analyzers and Heat Maps: Share vulnerability management progress with executives, compliance auditors and others.

Configuration Benchmarking: Scan against benchmarks including DISA Gold Disk, SCAP, NIST, FDCC, USGCB, CIS and Microsoft®; customize images to match in-house policies; CIS Security Benchmark certified (optional).

SLA Compliance Reports: Measure threat severity level against dynamic asset groupings.

Pivot Grid Ad-Hoc Reporting: Meet unique business requirements by creating customized reports using virtually any data collected by Retina.

Third-Party Integration: Share data with SIEM, GRC, NMS and help desk solutions.


Vulnerability Assessment: Flag vulnerabilities, attacks, and malware by asset for a complete view of a device’s risk.

Comprehensive Discovery: Locate known and previously unknown assets across network (local and remote), web, mobile, cloud and virtual environments.

Asset Profiling: Gather information including IP, DNS, OS, MAC address, ports, services, software, processes, hardware, event logs and more.

Asset Smart Groups: Group, assess, and report on assets by IP range, naming convention, operating system, domain, applications, business function, Active Directory and more.

Asset Context Awareness: Evaluate Smart Group value & risk based on collateral damage potential or target distribution, plus confidentiality, integrity and availability requirements.

Customizable Asset Risk: Weigh asset risks based on threat risk or exposure risk, and then apply a scale of 1-10 to prioritize remediation.

Cloud Scanning: Discover and scan online and offline Amazon®, GoGrid®, IBM®, Rackspace® and VMware® environments.

VMware Verified: Scan virtual environments requiring PCI and HIPAA compliance.

Patch Management: Remediate vulnerabilities with onboard patch management for Microsoft WSUS and SCCM for Microsoft and third-party applications (optional).

Unmatched Reporting: Tap into the included BeyondInsight central data warehouse for targeted reports.

User Risk Discovery: Map vulnerability management data to privileged account management data (from BeyondTrust PowerBroker solutions) to reveal user-triggered risks.

Scheduling and Alerts: Schedule assessments and configure email alerts.


Automated Credentialed Scans: Automate the use of continuously rotating privileged credentials with PowerBroker Password Safe.

Flexible Deployment: Deploy software, appliances and/or virtual machines.

N-Tier, Multitenant Architecture: Ensure maximum scalability & gain centralized control.

Scalable Scan Engines: Each Retina scan engine can singlehandedly cover a Class-A network.

Credential Management: Retina CS automatically selects the credentials with the highest level of privileges on each scan target when multiple credentials are provided.

Retina Protection Agent: Local assessment, continuous zero-day monitoring, and intrusion prevention for offline devices.

Role-Based Access: Provide permissioned access to view, assess and report on data.

Centralized Dashboards: Consolidate and report on enterprise-wide activities.

Scanner Pooling: Direct multiple scanners to collaboratively assess large environments.

Integrated Data Warehouse: Sort and filter historical data to gain multiple perspectives.

Modern User Interface: Interact seamlessly with massive amounts of data.

Local and Remote Scanning: Cover segregated, firewalled and disparate infrastructure.

Effortless Updates and Upgrades: Expand capabilities through license key updates.

Retina Host Security Scanner: Very Fast and highly accurate host-based scanning of cloud, virtual and remote platforms.

Internet of Things Scanning: Identify at-risk IoT devices, such as IP cameras, DVRs, printers, routers, and more. Download free Retina IoT scanner.

Enterprise Vulnerability Management with Retina CS

1 "What's on My Network?"

Today’s IT infrastructures are complex, with a mix of in-house physical and virtual systems, cloud-based environments, BYOD and a honeypot of networks derived from mergers and acquisitions. You may not know what is actually plugged into your networks and where the risks are. With agentless and optional agent technology, Retina CS can discover and assess all enterprise assets regardless of network complexity or device type.

2 No More Massive Reports

Vulnerability reports can be overwhelming. Retina CS delivers unmatched reporting and analytics to help organizations quickly understand their risk and properly prioritize remediation efforts. The solution also includes BeyondInsight threat analytics capabilities that help identify anomalies associated with security risks, often buried and missed, within large volumes of scan data.

3 Prioritize Remediation

Any vulnerability management tool can scan and produce a data dump of found vulnerabilities. Few extend beyond that silo to correlate vulnerable applications to those that are actually being used, on what systems and by what users. BeyondTrust provides this additional value, enabling organizations to focus their remediation efforts on applications that pose a higher risk as they are actively being used vs. those that may be part of a standard company image but seldom or never used.

4 Make Auditors Happy

Retina CS helps organizations identify, assess and manage IT risks associated with PCI, HIPPA, SOX, GLBA and several other compliance mandates. The solution makes it simple to demonstrate compliance via enumerated data mapping and automated report generation. Retina CS also provides compliance-driven dashboards to make it easy to respond to compliance violations.

Related Resources: Get the most out of Enterprise Vulnerability Management