eEye Digital Security

We run Retina scans every month and what I'd like to do is show management the progress that's being made with IAV patching.

Is there a way in Retina where I can compare scans?

What I mean is:

1st scan shows IAVA 2009-A-0001 is vulnerable on client1, client2, and client3.

2nd scan shows the same IAVA 2009-A-0001 is vulnerable on client1 and client3.

Looking at that, I can easily tell that the patch was applied to one client (client2).  But imagine having multiple IAVs on hundreds of clients.  Now you can see that manually doing this is too cumbersome.

How are you running Retina?  What I mean is, are you running it from a server scanning your network, via Blink with REM, etc?

We run Retina as a stand-alone application to scan our network.

But now that you mention REM, is that something that could do comparisons?  We have it, but have never used it.

And when you say Blink, I have no idea what that refers to.

Blink is eEye's endpoint protection suite that has retina built into it.  To my knowledge, REM only works with Blink to display all of the alerts and to break things down by category, but someone from eEye would have to comment further on that to be sure.

Hi Jimbo,

Blue1978 is correct that the REM Management Console allows you to do delta and trending analysis on Retina scans. I'll give an example...

Scanner 1 scans Network A once a month

Scanner 2 scans Network B once a month

In REM, I can run a vulnerability report of the results for the same month to combine the results of Scanner 1 and 2.

In REM, I can run a vulnerability delta report for last month and compare to this month to see whats new, removed, and unchanged. The delta report can also be used to compare 2 scan jobs too (ie instead of 2 date ranges).

Hope that helps.