LockPath Keylight v3.0
June 03, 2013
Starts at $30,000.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Great visualization, links risk to elements.
- Weaknesses: Delivers a lot, but at a high price.
- Verdict: Keylight has what is needed to manage risk and compliance.
The LockPath Keylight platform is a family of applications that includes management of compliance, threats, risks, vendors, incidents and business continuity. The platform is centrally managed and has a single sign-on system with configurable permissions that allow multiple users to manage different aspects of the system.
The tool is delivered either as a cloud-based SaaS offering or as an on-premise solution. The SaaS model simply requires a modern browser and internet access. The on-premise offering is built on the Microsoft platform, using .Net and C# with SQL as the backend database. We were told that a typical deployment can be installed and configured for use in 30 days.
Keylight's Risk Manager provides a comprehensive set of tools to identify, assess and prioritize the most relevant risks for an organization. Risks are captured from multiple sources, including user entry, compliance, policy and risk assessments, and integration to network and security devices. Keylight has a substantial list of built-in connectors for plugging into network and security products. The Threat Manager provides vulnerability remediation, and it also has the ability to integrate with several vulnerability scanners, including products from Qualys, Nessus and Rapid7. Once risks are captured, Keylight includes a configurable workflow engine that can move risks between individuals and groups. This is configured through a menu-driven wizard and requires no custom code. The same workflow tool is integrated through the entire product suite. The Dynamic Content Framework allows users to customize all the risk elements and to even create custom risk types. Users also have the ability to cross-relate objects from all applications, such as policy to a risk, or a risk to a business continuity plan.
The offering has a questionnaire-driven compliance module. These templates are easy to create and customize right down to custom scoring with the ability to flag questions and route them through additional workflow steps, such as a mandated review process, etc. Keylight also includes a full policy management suite, which offers the ability to import or build policies, move policies through a configurable workflow process, and relate policies to regulations within a content library. Another module, Incident Management, is also fully integrated and uses the same email-driven workflow described above. We were not provided with a lot of detail on the Business Continuity Manager, but wanted to mention that it offers the ability to generate, test and report on business continuity planning (BCP) readiness. There is also a Vendor Management module for extending assessments to vendor partners.
The reporting capabilities of Keylight are strong. All the reports are created through a simple, drag-and-drop interface. Everything is available to report on: risk objects, policy exceptions, tying of a risk to a policy exception, etc. The heap map view is one of the better visuals we saw in our Group Test review process this month.
Support is included in the license price, but there is only one option: eight-hours-a-day/five-days-a-week. Users can contact assistance via phone, web or email. Documentation is built in as online help, which is well done. - ML
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Website observed serving 83 executable files, more than 50 percent malware
- Scammers target oil companies with sneaky attack
- TeslaCrypt used to extort over $76K in recent months
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- FTC gives thumbs up to companies that cooperate during breach probes
- Researchers publish developer guidance for medical device security
- Senate gears up for Saturday USA Freedom Act vote; House breaks for recess
- Researchers observe SVG files being used to distribute ransomware
- Federal prosecutors charge Chinese nationals with trade secret theft