Agiliance RiskVision v6.5 SP1
June 03, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Visibility into risk using heat maps and business-intelligence-driven dashboards. Reporting and analytics. Mobile device support.
- Weaknesses: No Microsoft SQL DB support. Supports MySQL and Oracle DB.
- Verdict: RiskVision is a full-featured risk solution covering all aspects of compliance, business and IT risk. Recommended as a risk management solution.
The Agiliance RiskVision platform manages enterprise risk by making it visible, actionable and measurable across business units, IT operations and security management in near real time. The tool comes as a single platform with multiple modules that can be activated via licensing. Manager modules are available for compliance, enterprise risk, vendor risk, threat and vulnerability, and policy and incident.
Agiliance provides a holistic view of security and compliance in one integrated enterprise platform that enables companies to move from a reactive, threat-driven approach to a proactive, risk-aware posture. The platform brings together threat and vulnerability data, security configuration data and compliance and risk assessments data. RiskVision correlates this data against its "business-criticality aware" asset database, as well as its multi-regulatory compliance framework of 50-plus standards and policies, providing organizations with an aggregated view of their risk and compliance posture.
The solution is delivered either as on-premise software running on available hardware or as an on-demand, cloud-based platform. It requires Microsoft Windows Server 2003 or 2008, and either MySQL 5.5 or Oracle Database 11g R2 for server side deployment, and a simple web browser and Adobe Flash v10 or higher for the client.
RiskVision has a strong, out-of-the-box policy module that is built off of COBIT, ISO and NIST frameworks. There is a lot of pre-populated content for policy, assessment, controls and reporting. It supports continuous import/export of data using prebuilt templates from MS Word, Excel and XML. Users can automate assessments against these standards or internal controls. The workflow tool makes it easy to develop and manage the assessments. This tool also has a feature that allows one to validate a user response to ensure they actually read what was sent. The offering comes with a fully integrated ticketing solution and can also be integrated to the common ticket platforms on the market.
New features in this version include mobile device and user detail supporting risk related to bring-your-own-device (BYOD). RiskVision will collect and correlate mobile data from mobile device management (MDM) vendors. It can then rate access versus risk related to applications, i.e., correlating a user identity to their level of access. Reporting is enhanced though a co-branded integration with business intelligence suite Jaspersoft for delivering robust dashboards and data analytics capabilities. There are more than 300 dashboards and reports that come out of the box geared to delivering audit-level detail. We were impressed by the simplicity of the interface. One can easily drill down through a chain of risks and get right to the impacted assets and supporting controls.
Standard eight-hours-a-day/five-days-a-week support is included in the price of the software and includes phone and email access, while 24/7 extended support is available for $7,500 per year.
RiskVision is a full-featured risk solution that provides a lot of out-of-the-box content, delivers a simple, easy-to-use interface for technical and business users alike, and delivers a powerful analytics component that really helps to present and manage risk. - ML
Sign up to our newsletters
SC Magazine Articles
- Study: Open Source Software use increasing in enterprises but without vulnerability monitoring
- RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns
- 'Aaron's Law' returns to Congress
- RSA 2015: Tension continues to grow between govt, cryptographers
- Data at risk for 9,000 individuals following unauthorized access to SRI Inc. website
- Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
- RSA 2015: Straight talk about encryption, bulk surveillance and IoT
- RSA 2015: In the healthcare industry, security must innovate with business
- RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community
- RSA 2015: Bug hunting and responsible vulnerability disclosure