Allgress Insight and Risk Manager v4.1
June 03, 2013
A typical, small- subscription deployment does not exceed $10,000. A larger organization perpetual license starts at $25,000.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Ease of use, price performance, and some lucid visualization tools.
- Weaknesses: None evident.
- Verdict: Takes a lot of the complexity out of risk management. A lot of value for the money.
Allgress Business Risk Intelligence helps companies quickly and automatically aggregate data from security and compliance assessments and technical inputs, and turn this into meaningful, actionable, risk-specific intelligence that can be aligned with the goals of the business. With Allgress, one can identify risk areas that are underexposed, and reorder security priorities to better align with the current business environment. Allgress helps admins assess risk or compliance within their organization by determining how closely it adheres to a particular standard.
The solution is sold as on-premise software running on the Microsoft platform, Windows Server 2008 R2 (x64) and SQL Server 2008R2 (x64). We were told that typical implementations take about two weeks. There is also a hosted, cloud-based model. Licensing is either perpetual or subscription based on the model deployed. Pricing is based on the size of the organization and the number of modules purchased.
Allgress is a risk platform that includes modules supporting assessments, vulnerability analysis, policy management, mitigation and incident management. It has a well laid-out user interface with tabs across the top for each function. Users are usually no more that three clicks away from any of the information desired. The tool is preconfigured with a number of popular standards, and uses the Unified Compliance Framework (UCF) content library. The policy functionality is easy to use. The library can be hosted in the cloud or locally within an on-premise solution. Assets come in from the user's vulnerability data and are manually entered or imported.
The visualization capabilities are impressive. From the risk heat maps to the slick, wheel-based vulnerability graphs, data is presented in a usable and meaningful way. Trending techniques and business modeling offer a clear balance between past, present and pending threats to the business. One also has a beneficial "what if" analysis tool to model changes or mitigations prior to investing or deploying.
Allgress is a flexible platform that can grow with the organization's maturity level in managing risk, compliance and security. It can provide an efficient balance of timely, understandable results at a justifiable pricepoint without the added complexity of an overabundance of functions. This could be a pro and con depending on one's needs. There are more sophisticated tools on the market with more bells and whistles. The value of Allgress is to help both IT staff and non-technical-oriented leadership understand their vulnerability risk posture by employing a language they can understand. This is intended to prioritize IT resource investments to meet business objectives.
Standard eight-hours-a-day/five-days-a-week support is included with either the hosted or purchased licenses. Extended 24/7 support is available at 30 percent of the list price.
Allgress delivers a solution that can be deployed quickly so as to immediately deliver value through visualization for all technical and business groups. - ML
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Gemalto investigates claims that gov't spies hacked SIM card encryption keys
- Disconnect yawns between CISOs, exec leadership, study says
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- New attack uses ransomware to drop trojans and keyloggers
- Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
- State breakdowns: Anthem breach by the numbers
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- Study: SMBs lack thorough understanding of state data breach notification laws
- Bug in popular WordPress plugin opens up websites to SQL injection attacks