Allgress Insight and Risk Manager v4.1
June 03, 2013
A typical, small- subscription deployment does not exceed $10,000. A larger organization perpetual license starts at $25,000.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Ease of use, price performance, and some lucid visualization tools.
- Weaknesses: None evident.
- Verdict: Takes a lot of the complexity out of risk management. A lot of value for the money.
Allgress Business Risk Intelligence helps companies quickly and automatically aggregate data from security and compliance assessments and technical inputs, and turn this into meaningful, actionable, risk-specific intelligence that can be aligned with the goals of the business. With Allgress, one can identify risk areas that are underexposed, and reorder security priorities to better align with the current business environment. Allgress helps admins assess risk or compliance within their organization by determining how closely it adheres to a particular standard.
The solution is sold as on-premise software running on the Microsoft platform, Windows Server 2008 R2 (x64) and SQL Server 2008R2 (x64). We were told that typical implementations take about two weeks. There is also a hosted, cloud-based model. Licensing is either perpetual or subscription based on the model deployed. Pricing is based on the size of the organization and the number of modules purchased.
Allgress is a risk platform that includes modules supporting assessments, vulnerability analysis, policy management, mitigation and incident management. It has a well laid-out user interface with tabs across the top for each function. Users are usually no more that three clicks away from any of the information desired. The tool is preconfigured with a number of popular standards, and uses the Unified Compliance Framework (UCF) content library. The policy functionality is easy to use. The library can be hosted in the cloud or locally within an on-premise solution. Assets come in from the user's vulnerability data and are manually entered or imported.
The visualization capabilities are impressive. From the risk heat maps to the slick, wheel-based vulnerability graphs, data is presented in a usable and meaningful way. Trending techniques and business modeling offer a clear balance between past, present and pending threats to the business. One also has a beneficial "what if" analysis tool to model changes or mitigations prior to investing or deploying.
Allgress is a flexible platform that can grow with the organization's maturity level in managing risk, compliance and security. It can provide an efficient balance of timely, understandable results at a justifiable pricepoint without the added complexity of an overabundance of functions. This could be a pro and con depending on one's needs. There are more sophisticated tools on the market with more bells and whistles. The value of Allgress is to help both IT staff and non-technical-oriented leadership understand their vulnerability risk posture by employing a language they can understand. This is intended to prioritize IT resource investments to meet business objectives.
Standard eight-hours-a-day/five-days-a-week support is included with either the hosted or purchased licenses. Extended 24/7 support is available at 30 percent of the list price.
Allgress delivers a solution that can be deployed quickly so as to immediately deliver value through visualization for all technical and business groups. - ML
SC Magazine Articles
- PCI DSS version 3.2 release extends multifactor authentication requirement
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- New site on dark web offering one-stop ransom services
- Pwnedlist vulnerability exposed 866M accounts
- Turkish fascists claim responsibility for Qatar bank data breach
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- Report: Ransomware feeds off poor endpoint security
- Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects