Agiliance RiskVision v6.5 SP1
June 03, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Visibility into risk using heat maps and business-intelligence-driven dashboards. Reporting and analytics. Mobile device support.
- Weaknesses: No Microsoft SQL DB support. Supports MySQL and Oracle DB.
- Verdict: RiskVision is a full-featured risk solution covering all aspects of compliance, business and IT risk. Recommended as a risk management solution.
The Agiliance RiskVision platform manages enterprise risk by making it visible, actionable and measurable across business units, IT operations and security management in near real time. The tool comes as a single platform with multiple modules that can be activated via licensing. Manager modules are available for compliance, enterprise risk, vendor risk, threat and vulnerability, and policy and incident.
Agiliance provides a holistic view of security and compliance in one integrated enterprise platform that enables companies to move from a reactive, threat-driven approach to a proactive, risk-aware posture. The platform brings together threat and vulnerability data, security configuration data and compliance and risk assessments data. RiskVision correlates this data against its "business-criticality aware" asset database, as well as its multi-regulatory compliance framework of 50-plus standards and policies, providing organizations with an aggregated view of their risk and compliance posture.
The solution is delivered either as on-premise software running on available hardware or as an on-demand, cloud-based platform. It requires Microsoft Windows Server 2003 or 2008, and either MySQL 5.5 or Oracle Database 11g R2 for server side deployment, and a simple web browser and Adobe Flash v10 or higher for the client.
RiskVision has a strong, out-of-the-box policy module that is built off of COBIT, ISO and NIST frameworks. There is a lot of pre-populated content for policy, assessment, controls and reporting. It supports continuous import/export of data using prebuilt templates from MS Word, Excel and XML. Users can automate assessments against these standards or internal controls. The workflow tool makes it easy to develop and manage the assessments. This tool also has a feature that allows one to validate a user response to ensure they actually read what was sent. The offering comes with a fully integrated ticketing solution and can also be integrated to the common ticket platforms on the market.
New features in this version include mobile device and user detail supporting risk related to bring-your-own-device (BYOD). RiskVision will collect and correlate mobile data from mobile device management (MDM) vendors. It can then rate access versus risk related to applications, i.e., correlating a user identity to their level of access. Reporting is enhanced though a co-branded integration with business intelligence suite Jaspersoft for delivering robust dashboards and data analytics capabilities. There are more than 300 dashboards and reports that come out of the box geared to delivering audit-level detail. We were impressed by the simplicity of the interface. One can easily drill down through a chain of risks and get right to the impacted assets and supporting controls.
Standard eight-hours-a-day/five-days-a-week support is included in the price of the software and includes phone and email access, while 24/7 extended support is available for $7,500 per year.
RiskVision is a full-featured risk solution that provides a lot of out-of-the-box content, delivers a simple, easy-to-use interface for technical and business users alike, and delivers a powerful analytics component that really helps to present and manage risk. - ML
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes