Allgress Insight and Risk Manager v4.1
June 03, 2013
A typical, small- subscription deployment does not exceed $10,000. A larger organization perpetual license starts at $25,000.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Ease of use, price performance, and some lucid visualization tools.
- Weaknesses: None evident.
- Verdict: Takes a lot of the complexity out of risk management. A lot of value for the money.
Allgress Business Risk Intelligence helps companies quickly and automatically aggregate data from security and compliance assessments and technical inputs, and turn this into meaningful, actionable, risk-specific intelligence that can be aligned with the goals of the business. With Allgress, one can identify risk areas that are underexposed, and reorder security priorities to better align with the current business environment. Allgress helps admins assess risk or compliance within their organization by determining how closely it adheres to a particular standard.
The solution is sold as on-premise software running on the Microsoft platform, Windows Server 2008 R2 (x64) and SQL Server 2008R2 (x64). We were told that typical implementations take about two weeks. There is also a hosted, cloud-based model. Licensing is either perpetual or subscription based on the model deployed. Pricing is based on the size of the organization and the number of modules purchased.
Allgress is a risk platform that includes modules supporting assessments, vulnerability analysis, policy management, mitigation and incident management. It has a well laid-out user interface with tabs across the top for each function. Users are usually no more that three clicks away from any of the information desired. The tool is preconfigured with a number of popular standards, and uses the Unified Compliance Framework (UCF) content library. The policy functionality is easy to use. The library can be hosted in the cloud or locally within an on-premise solution. Assets come in from the user's vulnerability data and are manually entered or imported.
The visualization capabilities are impressive. From the risk heat maps to the slick, wheel-based vulnerability graphs, data is presented in a usable and meaningful way. Trending techniques and business modeling offer a clear balance between past, present and pending threats to the business. One also has a beneficial "what if" analysis tool to model changes or mitigations prior to investing or deploying.
Allgress is a flexible platform that can grow with the organization's maturity level in managing risk, compliance and security. It can provide an efficient balance of timely, understandable results at a justifiable pricepoint without the added complexity of an overabundance of functions. This could be a pro and con depending on one's needs. There are more sophisticated tools on the market with more bells and whistles. The value of Allgress is to help both IT staff and non-technical-oriented leadership understand their vulnerability risk posture by employing a language they can understand. This is intended to prioritize IT resource investments to meet business objectives.
Standard eight-hours-a-day/five-days-a-week support is included with either the hosted or purchased licenses. Extended 24/7 support is available at 30 percent of the list price.
Allgress delivers a solution that can be deployed quickly so as to immediately deliver value through visualization for all technical and business groups. - ML
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Vulnerabilities identified in three Advantech products
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- State Department hack may be tied to White House network breach
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- Study: Third of employees use company devices for social media and online shopping
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Swedish appeals court nixes Assange's plea
- Critical XSS vulnerability addressed in WordPress
- The Internet of Things (IoT) will fail if security has no context