Agiliance RiskVision v6.0 SP2
Strengths: Assessment, configuration and vulnerability driven. Strong asset tool, heat maps are nicely done.
Weaknesses: Nothing technically; licensing model may be costly for SMB market.
Verdict: Covers all aspects of the risk picture. Really made it easy to use. Reporting is solid.
Agiliance RiskVision is a purpose-built GRC solution that brings together threat and vulnerability data, security configuration data, compliance and risk assessment information into a single, task-driven console. It correlates this data against its "business-criticality aware" asset database, as well as its multi-regulatory compliance framework of 50 standards and policies, providing organizations with an aggregated view of their risk and compliance posture.
The solution is delivered as a software offering or as an "in the cloud" hosted offering. The requirements for deployment include: MS Windows Server 2003 or 2008, MySQL 5.5 or Oracle Database 11g, web browser (IE 6.0, 7.0, 8.0 or 9.0 or Firefox 3.0 or 4.0), Adobe Flash v10 or higher. The typical deployment takes 30 to 60 days on average.
RiskVision comes as a single platform with multiple modules that you can activate via licensing. The available modules include compliance manager, enterprise risk, vendor risk, threat and vulnerability, policy and incident manager. RiskVision combines top-down business controls with bottom-up operational data for real-time, security risk management. The user interface is cleanly done with web-based access that employs role-based authentication to deliver the customizable landing page determined by the user's level of access.
Tabbed-based navigation with multiple panes for data and graphic displays puts a lot of information on the screen while making it simple to navigate between modules, tabs and resources. There is a lot of prepopulated content for policy, assessment, controls and reporting. RiskVision supports continuous import/export of data using prebuilt templates from MS Word, Excel and extensible markup language. RiskVision has a web-service, open-integration platform and toolkit, plus an extensive library of 35 purpose-built connectors to enable real-time integration with all types of products for identity, policy, zero-day threat, vulnerability, event, technical control, incident, data leakage prevention, ticketing, patch management, reporting, analytics and business intelligence.
RiskVision covers all aspects of risk management by providing assessments and policy, configuration and vulnerability management. This tool delivers on the compliance side of risk, as well as the IT risk management portion for a full-featured offering. Bundled with the risk options is a closed-looped remediation solution via its own integrated ticketing and exception processes. One also has the ability to integrate with most third-party ticketing and patch management solutions. An integrated workflow tool allows for quick programming of action items based on various risk criteria.
Reporting and dashboarding is very strong. RiskVision supports performance and risk metrics - key performance indicator (KPI)/key risk indicator (KRI) - risk registers, risk catalogue (including custom operational and business risks), and more than 300 rich, audit-ready dashboards and reports. The level of integration between the modules allows RiskVision to define a causal chain of a business-level risk down to its supporting assets and individual controls.RiskVision is a complete risk offering, delivering on compliance, business risk and IT risk management.