Lumension Risk Manager v4.4
June 03, 2013
From $7,500 for 100 nodes for Lumension Risk Manager Platform, 100 node/subject license and Connector Development Kit; UCF content sold separately.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Interface provides a great user experience, out-of-the-box controls, and the ability to overlap them to multiple mappings.
- Weaknesses: Pricing per node and additional fees for UCF content can make this an expensive offering for a larger enterprise.
- Verdict: Good survey-/assessment-driven compliance and business risk tool.
Lumension Risk Manager (LRM) is a compliance and risk management solution that provides a framework for streamlining compliance management and assessing business risk. It provides visibility into compliance and risk through four capabilities: risk profiling, controls framework, controls assessment and risk/compliance reporting.
The solution is delivered as on-premise software running on one's hardware. It is a Java-based web application running on a Microsoft Windows Server that can be viewed on any MS Windows-compliant device. LRM deploys on Windows 2005-2008 and SQL Server 2005 through 2008 R2.
The product is designed as a compliance and business risk assessment tool, combining compliance and risk management into a single process. It is geared to providing end-to-end visibility of all control activities needed to ensure protection of information. It harmonizes common controls from more than 450 regulatory standards into a single set of controls, thus easing the burden and duplication inherent in manual compliance management practices. In short, LRM can assess a single control once and apply it to any standard or regulatory requirement. The tool's Risk Intelligence Engine allows it to easily correlate an organization's policy against regulatory standards while measuring the business risk of vulnerabilities in an IT environment.
Its risk profiling offers modeling of the risk between IT assets and the business interest. Assets can be brought into the system with its Connector Development Kit. There are a few prebuilt connectors, SIEMs, vulnerability scanners and patch management solutions. There is also a published application programming interface (API) for bringing in asset data and other security data. Framework Controls capture control requirements mandated for the proper level of risk mitigation. This effort maps controls to satisfy compliance requirements. The Assessment Controls function assesses the technical, physical and procedural controls to provide a single view and measure (score) of compliance. Risk and Compliance Reporting delivers a metrics-driven set of reports supporting executive decision-making.
The survey process drives the business risk assessment and covers vulnerabilities, environmental/natural risks, loss or theft risk, and regulatory failure. It uses analytics to assist in the review of risk. Administrators can employ the heuristics engine to effectively analyze control scores to discover patterns, such as a certain group of subjects that contribute disproportionately to a poor compliance score, or a certain type of control that fails across a broad array of subjects.
To assist in managing the raw amount of data associated with each of these, LRM analyzes the data and puts it into a category of meaningful, neutral or less meaningful. Each of these can be assigned a custom risk value that rolls up into the final risk calculation.
Lumension provides both standard and premium support options as part of its subscription cost of the software. Standard options include 8 a.m. to 5 p.m. phone-based technical aid, along with email assistance with one-day response and access to the Lumension online customer portal and knowledge base. Premium support is available for a fee and includes 24/5 live phone support. - ML
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes