March 13, 2008 10:04 ET

eEye Unveils Retina Web Security Scanner

Partners With NTO on Integrated Threat Management Suite

ALISO VIEJO, CA--(Marketwire - March 13, 2008) - eEye Digital Security, a leader in network vulnerability scanning, announced today that it is expanding the company's security suite to include full-featured web vulnerability scanning. The Retina Web Security Scanner is a best-in-class web scanning solution that rapidly and accurately scans large, complex web sites and web applications to tackle web-based vulnerabilities.

This new eEye solution gives customers a complete picture of the performance and security status of deployed web applications plus on-demand inventory and diagnostic capabilities, ensuring privacy and compliance.

The Retina Web Security Scanner extends eEye's growing integrated threat management security suite and leverages eEye's advanced security intelligence capabilities. Using Retina Web Security Scanner and Retina Network Security Scanner in tandem, eEye customers now have a powerful multi-layered scanning approach.

With the addition of eEye's centralized management and reporting console, REM, security administrators have a unified solution that consolidates security information into one dynamic repository. REM facilitates data analysis and benefits administrators by eliminating information overload and automating previously time-consuming tasks. Users are able to install the Retina Web Security Scanner on the same servers that currently run Retina Network Security Scanner, significantly reducing installation and maintenance costs.

Web application security has emerged as the premier security challenge facing the information technology industry. The Retina Web Security Scanner represents a strategic decision on eEye's part to invest, innovate and lead in this fast-growing space. According to the world's leading independent research advisory firm, Gartner Group, approximately 70 percent of malicious attacks target the application layer. Enterprises that scan their web applications after modifications experience a 70 percent reduction, on average, in security incidents in those applications.

"Web 2.0 and SaaS are rapidly becoming the predominant delivery model for software," said Kamal Arafeh, CEO, eEye Digital Security. "Traditional firewalls, SSL VPNs and other security products cannot fully protect against flaws in these web applications. eEye believes that the vulnerability landscape needs to change and evolve yet again to meet this new set of challenges. For the past ten years, eEye products have addressed operating system and application vulnerabilities and now with Retina Web Security Scanner, we are innovating further to address web application vulnerabilities and flaws."

In response to the limitations in existing web security technology and increasing customer demand, eEye partnered with NT OBJECTives, Inc. (, an application security company specializing in next-generation web security scanning. eEye is licensing NTOSpider and working with NTO on a variety of integration efforts. The byproduct of this partnership is the Retina Web Security Scanner. The product is eEye branded and being offered for sale through eEye's global sales force and channel distribution network.

"We are extremely excited to be working with one of the pioneers in network security. eEye's leadership in vulnerability research and security software is well known and we look forward to working with them to integrate these solutions to improve the ability of enterprises to have a holistic view of their risk posture," said JD Glaser, CEO, NTO. "Customers are increasingly concerned with data security because of the more stringent PCI requirements for the application layer. This partnership allows us to provide eEye with best-of-breed web application vulnerability assessment technology and highlight Layer 6 vulnerabilities."

Retina Web Security Scanner identifies application vulnerabilities as well as site exposure risk, ranks threat priority and indicates site security posture by vulnerabilities and threat level. It provides complete remediation recommendations and detailed HTML reports with flexible XML data. Retina Web Security Scanner automates the process of authentication, session management, crawling and attacking. Its advanced custom error page checking also gives it the lowest false positive rate in the industry.

Millions of web applications have been developed in the past two decades. In addition to commercial eCommerce sites, blogging platforms, online communities, marketing automation and sales force automation platforms, there are countless custom-built web applications in existence. Examples of potential vulnerabilities to these web applications include connection dependencies to back-end databases that are easily compromised via SQL Injection attacks; firewall and SSL VPN vulnerabilities related to Port 80 and 443 firewall openings that allow HTTP and HTTPS traffic through; vulnerabilities caused by cross-site scripting attacks that create deceptive pop-up windows prompting users for personal information; and a myriad array of vulnerabilities inherent in custom-coded web applications. Using signature-based checks for known vulnerabilities is not useful in the web application space because almost all web applications are different. Neither is it feasible or cost effective to depend on manual penetration testing.

Pricing & Availability

Retina Web Security Scanner is now shipping and available for purchase. List pricing begins at $6,995.

For further information about Retina Web Security Scanner or other security solutions in the eEye Digital Security integrated threat management suite, please visit or contact your local eEye sales representative or channel partner.

About eEye Digital Security

eEye Digital Security is pioneering a new class of security products: integrated threat management. This next-generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise's key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility. eEye's research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit

All trademarks contained within this press release are the sole property of their respective owners and are hereby acknowledged.

Contact Information

  • Press Contacts
    Victor Cruz
    email: Email Contact

    Corporate, North America:
    Stacy Newman
    email: Email Contact