New Feature Highlights for Retina Network Security Scanner 6.0

Retina Network Security Scanner version 6.0 adds several new features that further enhance an organization’s ability to patch vulnerabilities, eliminate security gaps caused by Internet of Things (IoT) devices, prioritize threats, and more efficiently check configuration benchmarks.

New Consolidated Remediation Report

One of the patch management challenges that organizations have to deal with involves superseded updates. Instead of releasing them individually, many Microsoft security patches are released as “rollups” that include both current and previously released updates. A cumulative patch that completely encompasses an earlier one is said to supersede it. We are pleased to announce that Retina Network Security Scanner 6.0 has been designed with patch supersedence in mind. While applying one consolidated patch is operationally easier, this comes at the price of limited visibility – as only the risk scores of the latest update’s vulnerabilities are displayed. However, since you need to be aware of your critical vulnerabilities, Retina 6.0 introduces a consolidated remediation report, which will also display the rolled up vulnerability with the highest threat score. This release of Retina supports only Microsoft patch supersedence, while future releases of our audit database will include non-Microsoft updates.

New Internet of Things (IoT) Audit Group

While the Internet of Things (IoT), sometimes referred to tongue-in-cheek as the “Insecurity of Things”, is still emerging, the threats presented by its rapidly expanding cyberattack surface are no laughing matter. One particular threat scenario in the news these days involves using the Mirai IoT Botnet to launch Distributed Denial of Service (DDoS) attacks, like the one on Dyn that caused a massive internet outage across the United States, or that took the entire country of Liberia offline. In these instances, Mirai was able to infect tens of thousands of IoT devices, turning them into bots. With Retina Network Security Scanner 6.0, organizations now have the capability to identify defenseless IoT devices such as Samsung IP cameras, Dahua DVRs, Xerox printers and SMC routers. Utilizing specific information, such as server banners and header data, Retina is able to reliably pinpoint the make and model of a particular IoT device. From there, Retina can safely test whether or not that device is using default or hard-coded credentials for Telnet, SSH, or Basic HTTP Authentication, as these are the preferred attack vectors that botnets (most notably, Mirai) use to initially gain access to a potential victim.

CVSS Version 3 Support

While the Common Vulnerability Scoring System (CVSS) is not the sole metric for determining risk, the fact that it’s vendor agnostic, and provides a common language across a wide range of systems, makes it an important factor in prioritizing which vulnerabilities to focus on. Earlier this year FIRST announced the availability of CVSS version 3, which contains a number of important enhancements. With this release of Retina, both CVSS v2 and v3 results will be provided within the remediation reports. Enabling you to take full advantage of the frameworks recent important enhancements, for a clearer and more accurate picture of your risk.

CWE Compatibility

Common Weakness Enumeration (CWE) is a community-developed list of common software weaknesses that provides a common language for describing weaknesses, and a baseline for identifying, mitigating, and preventing them. Unlike Common Vulnerabilities and Exposures (CVE), software vulnerabilities that can be directly exploited, CWE enumerates coding flaws, bugs, and other errors that if left unchecked could leave organizations vulnerable to attack. With Retina 6.0, CWE software weakness have been added to the Retina audit database. Now, all CWEs detected will show up within corresponding remediation reports. The additional information that CWE provides gives organizations visibility that goes beyond known vulnerabilities, and further helps them reduce their overall risk posture.

Enhanced Reports

Over this past year, the Retina development team has been working on redesigning the report engine, for increased performance. And now that work is complete, we’ve begun to migrate and enhance several reports, including PCI, remediation, compliance, vulnerability export, and more to this new and improved engine. With this release of Retina, we’ve both enabled Executive and Discovery reports to generate much faster, and have also given them a face lift.

Enhanced SCAP Scan Engine

While previous versions of Retina have supported SCAP configuration benchmark assessments, along with CIS, DISA, Microsoft, and more, Retina 6.0 adds the capability to check multiple SCAP benchmarks per scan job. This enhancement increases efficiencies, since you no longer have to “pair up” configuration assessments with only those targets that are applicable. Retina Network Security Scanner 6.0 automatically determines which SCAP benchmark to apply to which target. As an example, let’s suppose you select a Windows 2012 R2 benchmark and a CISCO IOS 15 benchmark. And for your scan targets you include both Windows 2012 R2 and CISCO devices. Retina is now smart enough to detect the target and rule out/omit any benchmark which is not appropriate, and only execute benchmarks that match. In addition, Retina has achieved certification for Cisco IOS 12 and Cisco IOS 15 benchmarks, published by the Center of Internet Security (CIS).

Common Criteria Certification – In Evaluation!

BeyondTrust is committed to delivering IT products designed with security in mind. To that end, we are pleased to inform you that the BeyondInsight IT Risk Management Framework v6.0, including Retina Network Security Scanner, is currently undergoing evaluation for Common Criteria Certification. This certification (and others like it) underscores BeyondTrust’s continued customer commitment to delivering best-of-breed solutions. Track our progress here.