Tuesday, September 27, 2005

e-Eye Retina Vulnerability Scanner replaces ISS

e-Eye Digital Security hit a homerun in 2004 when they won the $6 Million dollar Defense Information System Agency’s I-ASSURE contract which will allow their robust e-Eye Retina Vulnerability Scanner to be used on DOD systems world wide.

The Retina Vulnerability Scanner will be used to measure compliance with Department of Defense (DoD) Computer Emergency Response Team (CERT) Information Assurance Vulnerability Management Notices.

The DOD used to use Internet System Security (ISS) vulnerability assessment tools exclusively for this task. However, on 30 September 2005 the ISS vulnerability tools will no longer be used by the Department of Defense.

This comes at a time of the "cover up" CiscoGate controversy which involved ISS. On July 2005, Michael Lynn, a former research analyst with Internet Security Systems, resigned from the company just before releasing a major flaw in Cisco routers (many of which are on critical infrastructures).

According to Lynn, Cisco and ISS allowed him to speak about the flaw at the Black Hat but suddenly changed their minds at the last minute attempting to shut Lynn up with legal action. Cisco and ISS were trying to protect there shareholders at the cost of all the customers, organizations and nations that depend on the Cisco routers. From an ethical perspective, this was not a great way for an Internet System Security company to act.

It will be interesting to see if e-Eye Digital will be more ethical than ISS as it comes to power. Something very evil tends to happen when large groups of people get together to gather large sums of money.

As stated above, after Friday, 30 Sept 05, the ISS scanner will no longer be available. You should be able to download the new e-Eye Retina Network Security Scanner from one of the DISA pages:

ISS/Retina Vulnerability Scanners (DOD):

e-Eye Retina Network Security Scanner(SCCVI)
http://iase.disa.mil/stigs/iss/index.html
http://iase.disa.mil/stigs/iss/retina.html



eEye Digital Security and DISA press release:

http://www.eeye.com/html/company/press/PR20040623.html



Official Word from DISA

Information Assurance Support Environment:

DISA IA Announcement: DISA will be converting from using Internet Security Scanner to the e-Eye Retina Network Security Scanner(SCCVI) effective 1 Aug 05 for all security reviews, compliance validations, certification efforts, etc. All open findings related to a penetration test conducted with the ISS tool will be archived (closed) as a Retina penetration test is conducted by DISA. The ISS findings are still valid open findings that need to be worked and closed by the site. However, sites are highly encouraged/recommended to perform a self-assessment using the Retina scanner, as soon as they receive the tool.

Information, online training, and Retina software can be obtained from the http://iase.disa.mil website.



eEye Digital Security

http://www.eeye.com/html/index.html

Retina Network Vulnerability Scanner:

http://www.eeye.com/html/products/retina/index.html



Resources

ISS is Shady

e-Eye Press release

Inside CiscoGate

Lynn’s Lawyer


Cisco & ISS vs. Lynn

1 Comments:

Blogger Broadband Guy said...

Wow, I am so glad I found your blog about get DSL! I thought get DSL wasn't available here until I read this post the whole way through! Thanks again elamb!

12:48 PM  

Post a Comment

<< Home