Modulo Risk Manager v8.4
June 02, 2014
Starting base price is $18,750 annually, SaaS; license options also available.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Reporting and visualization, new ERM is strong.
- Weaknesses: None noted.
- Verdict: A powerful tool that can deploy with little effort for out-of-the-box functionality, or users can put in the work to customize We make this one our Best Buy.
Modulo Risk Manager automates GRC processes, integrating different areas and activities and allowing for centralized reporting. It automates processes for analyzing, evaluating, treating and maintaining control over business enterprise risks. This software platform also ensures that incidents and any deviations from standards and policies can be recorded and responded to in a timely fashion.
There are several modules that make up the GRC suite. Risk management provides quantitative and qualitative information on identified risks, and prioritizes actions and supports the decision-making process while tracking improvements as risks are addressed. Risk Manager also helps organizations assess and achieve compliance with regulatory standards. Compliance management uses Modulo's MetaFramework and compliance knowledge bases. Users can easily map controls across many regulations, including support for SOX, PCI, HIPAA, ISO 27001/27002, COBIT, GLBA, FISMA, NERC, NIST 800-53, A 130, BASEL II, BS27999, FISAP and DOD 8500.2.
Users can also import internal policies and standards. The Policy Management module enables organizations to administer policy management efforts while assessing compliance with stated policies and controls. All of these are brought together through the Workflow Management Module. This module is used to automatically move tasks through the Risk module. It can also determine the steps that risk remediation, notifications and exceptions must move through. An impressive visualization tool called a treemap can be used to show the relationship and status of incidents. Incident Management is also supported through this workflow tool, so users can track the origination of an incident through the automation of workflow steps in remediation to the resolution of an incident. The content libraries are strong and contain knowledge bases, controls, regulations and standards, surveys and frameworks. Version 8.4 includes 400-plus knowledge bases (27,000-plus controls) and 180 frameworks.
New to this version is a GRC Intelligence module, a portal for integrating real-time information from any data source - including IT security, physical security and incident management tools, vendor surveys, and social and mobile analytics. A fully integrated enterprise risk management (ERM) offering delivers broader reporting and visibility, including new key risk indicators. There is a new vendor risk manager capability that . integrates the shared assessments out of the box and scales up to hundreds of thousands of third parties. There also is a new vulnerability risk management module.
The tool integrates vulnerability and threat management, and integrates and leverages findings from popular vulnerability scanners to aggregate and correlate the output against the assets. This module can also help to provide valuable information to prioritize remediation activities. There are several new connectors in this version as well, extending its integration capabilities. The Policy Module has been updated to deliver a more user-friendly policy builder tool. There is also the ability to integrate the risk module to any source of information. Even if connectors do not exist, users can extend the capabilities as far as desired. Reporting and visualization have been updated and are still very strong.
First-year support is included in the license fee. There are several support options available to meet one's needs. Standard support is eight-hours-a-day/five-days-a-week and premium is available to extend the hours through several options up to 24/7.
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- State breakdowns: Anthem breach by the numbers
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Older vulnerabilities a top enabler of breaches, according to report
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- State breakdowns: Anthem breach by the numbers
- NIST requests final comments on ICS security guide
- Disconnect yawns between CISOs, exec leadership, study says
- Researchers investigate link between Axiom spy group, Anthem breach
- Top Android tablets for children riddled with security lapses, study finds
- Bulk Reef Supply website compromised, credit cards at risk
- Medical identity theft up 22 percent in 2014, annual report says
- Report: Majority of health-related websites leak data to third parties