Allgress Insight and Risk Manager v5
Strengths: Ease of use, some nice visualization tools, UI is strong.
Weaknesses: None noted.
Verdict: Takes a lot of the complexity out of risk management. This is a very complete tool.
Allgress Insight and Risk Manager v5 helps companies aggregate data from security and compliance assessments and technical inputs and turn it into meaningful, actionable risk specific intelligence that can be aligned with the goals of the business. Allgress combines both enterprise risk and IT risk into a single modular platform.
The Allgress Insight Risk Management Suite is built on an integrated modular architecture and includes assessment, vulnerability analysis, risk analysis, policy management and incident management modules. Functionality includes a common centralized database that supports the ability to consistently manage the entire IT risk management process and the ability to integrate with existing solutions.
Allgress helps IT and non-technical-oriented leadership understand their vulnerability risk posture in a language they understand so they can prioritize IT resource investments to meet business objectives. Customers import the information they already have, which is usually vulnerability and configuration data, and extract business value easily understood by non-IT audiences. This allows them to allocate resources to reduce business risk, comply with regulations and eradicate security exposures. One of the new features to this release is an updated workflow set of tools. The automation that is built in allows users to reduce the time it typically takes to get through the remediation process, reducing the risk associated with those gaps.
The vulnerability analysis module offers a great way to manage work. Users can easily manage and prioritize tickets, and have a clean search tool that allows them to quickly pull in subsets of information and then drill down to the detailed vulnerability or asset data right from the search results. The policy module was complete. It comes fully populated with content as the unified compliance framework (UCF) content library is included with the software.
Allgress provides full policy-lifecycle management along with version control. One great feature we particularly liked enables users to quickly map policy requirements back to the compliance/regulatory requirements. The incident module provided an interface to manage workflows. Vendor risk management is also available through templated assessments and tools for managing the workflow, including notification, assignment and alerting functions. The risk module had strong visualization tools, and includes a powerful modelling tool that made it very easy to visualize historic information and risk over time. The reporting was very good and included thing like heat maps.
The risk engine is based on the NIST 800-53 framework. On top of all of these is an easy-to-use user interface based mostly on a graphical driven model. The visual user interface reduces the complexity of the entire GRC management lifecycle by providing automation, ease of use and representation of information. The user interface and visualization tools throughout all modules are a differentiator.
Allgress is delivered as either an on-premise or SaaS solution. The on-premise offering requires Windows Server 2008 R2(x64) and SQL Server 2008R2(x64). We were told that typical implementations take about 30 minutes to get the software installed and about two weeks to get through integration and configuration.
A first year of maintenance as well as eight-hours-a-day/five-days-a-week phone and email support is included with the license purchase. Extended 24/7 support is available at 30 percent of list price. Maintenance includes all updates including major releases.