The two products are intended to be used together, and several Retina scanners can be placed throughout the enterprise with the REM acting as the central console and correlation engine. However, even though it has excellent reporting capabilities, we could find no specific functions that were directed specifically at compliance.
Retina and REM, especially the REM product, have a strong focus on risk identification and remediation. Devices on the network can be displayed in order of risk exposure, and remediation plans developed that take a triage view of the enterprise. This can be very useful in situations where resources must be allocated carefully to get the maximum impact from limited expenditure.
The documentation is good and consists of an installation guide along with expected manuals. The documentation is heavy on screen shots that include illustrations of expected field contents. A strong feature of the documentation is its depiction of alternative configurations based on the size of the enterprise.
Maintenance requires customer agreements. Without the agreements there are virtually no support services. However, for customers with service agreements, there is good support consisting of online training, knowledge bases and other services. We feel some basic level of service should be available at no cost, and we found eEye’s approach restrictive.
The Retina Scanner is priced by IP address and the REM is priced by the number of assets it support. This is a reasonable pricing scheme, but the product requires its own server running Server 2003 which adds to the overall cost. Add the cost of support and the Retina Scanner with REM is a very good buy.
For: Very easy to deploy and manage, strong reporting with many charts and graphs.
Against: Requires its own dedicated server, needs more emphasis on compliance.
Verdict: A good product for organisations of most sizes, expecially those with widely distributed networks and limited security management resources.