Agiliance RiskVision v6.5 SP1
June 03, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Visibility into risk using heat maps and business-intelligence-driven dashboards. Reporting and analytics. Mobile device support.
- Weaknesses: No Microsoft SQL DB support. Supports MySQL and Oracle DB.
- Verdict: RiskVision is a full-featured risk solution covering all aspects of compliance, business and IT risk. Recommended as a risk management solution.
The Agiliance RiskVision platform manages enterprise risk by making it visible, actionable and measurable across business units, IT operations and security management in near real time. The tool comes as a single platform with multiple modules that can be activated via licensing. Manager modules are available for compliance, enterprise risk, vendor risk, threat and vulnerability, and policy and incident.
Agiliance provides a holistic view of security and compliance in one integrated enterprise platform that enables companies to move from a reactive, threat-driven approach to a proactive, risk-aware posture. The platform brings together threat and vulnerability data, security configuration data and compliance and risk assessments data. RiskVision correlates this data against its "business-criticality aware" asset database, as well as its multi-regulatory compliance framework of 50-plus standards and policies, providing organizations with an aggregated view of their risk and compliance posture.
The solution is delivered either as on-premise software running on available hardware or as an on-demand, cloud-based platform. It requires Microsoft Windows Server 2003 or 2008, and either MySQL 5.5 or Oracle Database 11g R2 for server side deployment, and a simple web browser and Adobe Flash v10 or higher for the client.
RiskVision has a strong, out-of-the-box policy module that is built off of COBIT, ISO and NIST frameworks. There is a lot of pre-populated content for policy, assessment, controls and reporting. It supports continuous import/export of data using prebuilt templates from MS Word, Excel and XML. Users can automate assessments against these standards or internal controls. The workflow tool makes it easy to develop and manage the assessments. This tool also has a feature that allows one to validate a user response to ensure they actually read what was sent. The offering comes with a fully integrated ticketing solution and can also be integrated to the common ticket platforms on the market.
New features in this version include mobile device and user detail supporting risk related to bring-your-own-device (BYOD). RiskVision will collect and correlate mobile data from mobile device management (MDM) vendors. It can then rate access versus risk related to applications, i.e., correlating a user identity to their level of access. Reporting is enhanced though a co-branded integration with business intelligence suite Jaspersoft for delivering robust dashboards and data analytics capabilities. There are more than 300 dashboards and reports that come out of the box geared to delivering audit-level detail. We were impressed by the simplicity of the interface. One can easily drill down through a chain of risks and get right to the impacted assets and supporting controls.
Standard eight-hours-a-day/five-days-a-week support is included in the price of the software and includes phone and email access, while 24/7 extended support is available for $7,500 per year.
RiskVision is a full-featured risk solution that provides a lot of out-of-the-box content, delivers a simple, easy-to-use interface for technical and business users alike, and delivers a powerful analytics component that really helps to present and manage risk. - ML
Sign up to our newsletters
SC Magazine Articles
- Lenovo PCs shipped with 'Superfish,' adware that opens users to MitM attacks
- Florida law enforcement docs show widespread stingray use, secrecy
- Malware on Lime Crime website, payment cards compromised
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Gemalto investigates claims that gov't spies hacked SIM card encryption keys
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- New attack uses ransomware to drop trojans and keyloggers
- Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
- State breakdowns: Anthem breach by the numbers
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- Study: SMBs lack thorough understanding of state data breach notification laws
- Bug in popular WordPress plugin opens up websites to SQL injection attacks