This month we take another look at risk management tools, a group that is evolving and continuing the trend of adding new features and taking interesting approaches like dramatically increased automation. In our view, automation is a crucial component of these risk management solutions since adequately and efficiently conducting risk management has exceeded the scope of purely human analyst capabilities.

Ever-changing compliance requirements and the growing threat landscape, too, mandate the need for sophisticated and comprehensive security solutions.

Risk management tools detect assets on a network and can ingest and understand network traffic flow. We saw a generous amount of automation incorporated into many of the solutions we tested, including the ability to automatically detect assets, provide remediation suggestions and execute critical incident response processes. Understanding some analysts prefer to be more hands on, we affirm automation is an important asset, driving analysts to work alongside risk management tools in the decision-making process.

An important part of risk management – and the capabilities these solutions provide – is gaining a comprehensive overview of risk across an environment. Apart from reaching compliance and bolstering security posture, these tools can assist in determining whether organizations are fully reaping the benefits of other security tools.

Risk Management

Our annual return to the risk management space found that evolving regulations and compliance frameworks have placed increasing demands on security teams. The complexities of accommodating a proliferation of devices being brought into the workplace, coupled with a shifting compliance landscape, have elevated the importance of these tools. As the frequency, sophistication and scope of routinely faced threats grow, so too does the need for similarly sophisticated and comprehensive security solutions.

Incorporating automation into the process is a crucial element in the latest crop of risk management tools. And the vendors deliver. Balbix, for example, categorically affirms risk management is no longer within the scope of being a human-scale problem, and we quite agree. Organizational infrastructures encompass too many facets for automation to not be part of the risk management picture. Additionally, the costs and repercussions associated with compromised assets and stolen information mandate comprehensive visibility across a wide spectrum of information assets so security teams can get their arms around safeguarding an infrastructure. 

The tools we tested understand networked assets and the traffic flow of data required to access them. They  provide great insights into who owns assets, , as well as the likelihood and potential impact of them being breached.  From a high-level perspective, the products all aim to achieve the same thing. But the methods used to manage risk can vary dramatically from one product to another. Some solutions offer extensive automation; others, very little. While we understand in some cases security teams prefer to be more hands-on and have more control over granular aspects of solutions, we believe that automation is the best way to achieve visibility into environmental risks, reach maximum security efficiency and sustain compliance.

Among the more impressive features we noted were automatic asset identification, prioritized remediation suggestions and extensive decision-based reporting. Remediation suggestions assist analysts in making decisions and increase efficiency in the overall process. Extensive reporting options provide visibility into metrics, offering analysts and stakeholders alike a quick, at-a-glance view. Understanding the assets available in an environment and how they apply from an organizational, business practice standpoint are key to the decision-making process.

We saw many familiar faces in the products reviewed this month, along with some new ones. We are always excited to see how solutions have grown since the last look and were pleased to find several notable improvements.

PICK OF THE LITTER

The functionality of AlgoSec’s highly intuitive chatbot, AlgoBot, coupled with the platform’s zero-touch automation/orchestration capabilities and competitive price point makes the AlgoSec Security Management Suite an SC Labs Best Buy

SAI Global is able to deliver proactive risk management and business continuity across an enterprise and beyond with SAI360 for Digital Risk. This proactive approach along with the integrated Learning Platform make SAI360 for Digital Risk our SC Labs Recommended product in this month’s round of testing.

Check out all the reviews:

Acuity Risk Management STREAM Integrated Risk Manager 5.4
AlgoSec Security Management Suite 2018.2 8.2
Allgress Insight Risk Management Suite (IRMS) 7
Balbix BreachControl SaaS 19.6x
FireMon Security Manager 8.26
SAI Global SAI360 for Digital Risk 2019.2
Skybox Security Platform 10.0.200
Tripwire Enterprise 8.7
Tufin Technologies Tufin Orchestration Suite 19-2