Agiliance RiskVision v5.0
Strengths: A very mature look and feel with strong alerting and workflows, as well as great visuals with detailed drill downs.
Weaknesses: Connector support.
Verdict: Very nice solution, though it takes some time to deploy. We felt really comfortable with the usability and the vendor management option was nice.
Agiliance RiskVision is a set of modules that includes the Threat Manager, Enterprise Risk Manager, Vendor Manager and Compliance Manager. The tool is a browser-based automated governance, risk and compliance (GRC) solution that gathers data from security solutions, scanners and SIEM products and aggregates this data for use with risk modelling and compliance purposes. The data from the various scanners is presented in a single common format. RiskVision automates compliance assessments and can use data about threats and vulnerabilities during the compliance process.
RiskVision provides an easy-to-use user interface (UI) for building reports, creating and managing workflows, and enabling remediation of issues through tickets or exception management. We liked the ticketing capability and the ability to generate a remediation workflow to track the resolution of that ticket. The UI and dashboard were very strong, clean and sharp, and it was easy to maneuver through the various modules and menu options. RiskVision can obtain information from numerous sources through the use of connectors. Some of the supported connectors include: IBM SiteProtector, NetIQ, Solarwinds, Symantec Altiris, DISA Gold Disk Scan, eEye Retina, HP WebInspect, IBM Rational AppScan, McAfee Vulnerability Manager, nCircle Suite 360, QualysGuard, Skybox, Nessus, Rapid 7, BMC Remedy, HP Service Manager, ArcSight, BMC Atrium, HP Service Manager, Microsoft Active Directory, National Vulnerability Database, VeriSign iDefense, DB Protect and AppDetective Pro. In addition to these applications, RiskVision also provides a set of generic connectors, including automation, database, web services and flat file connectors.
Reporting was very strong. We liked the work flow tools that were provided and the numerous customizable templates that came with the work flow tools. There is a substantial amount of content provided out of the box. You do have to perform a substantial amount of setup in creating initial risk and incident definitions. Typical initial deployments usually take 90 days.The product is sold as a software solution with the following requirements for installation: Microsoft Windows Server 2003, MySQL 5.1.34, web browser (IE 6.0, 7.0 or Firefox 3.0), Adobe Flash v10 or higher. Professional services are provided to assist with information gathering, design and deployments.