Lumension Risk Manager
Strengths: Automated risk evaluation with many compliance tools built in.
Verdict: Good deployment options for those organizations for which the price is a bit rich. Good automation and typical Lumension reliability.
Lumension Risk Manager is a piece of a larger suite called the Lumension Compliance and IT Risk Management platform. However, that does not mean that Risk Manager cannot do a lot without the other components of the suite. This product is a feature-rich risk management platform that can take results from vulnerability scans, as well as anti-virus scanners, and correlate the results into useful information as to the risk and security posture across the network. Administrators also can use Risk Manager and the risk intelligence engine to correlate internal policy against many compliance standards and regulations.
The review of this product was conducted using a virtual evaluation server, which already had the product installed and up and running for us, so there was not much to do in the way of installation and configuration. However, we do know that the product is a software-based solution and requires a dedicated server running Windows Server along with access to a Microsoft SQL Server database either running locally on the server or accessible on a separate server. The installation of the software engages all the necessary components, including the web-based management console. We found this to be fairly easy to navigate with an organized tab-top navigation structure.
A major part of this product is not only managing risk but also maintaining compliance. Using this tool, administrators can easily report and evaluate on compliance of many devices across the network and make sure they are in line with compliance standards. Reports can be easily generated along with remediation modeling of possible scenarios to determine if certain remediation tasks will boost or hinder the security posture of the network. This product also contains many automated workflows which can help streamline the assessment process and provide targeted results quickly and easily.
Documentation included only a short evaluation guide. The evaluation guide did provide a solid overview of using the product for various scenarios and had many step-by-step instructions along with configuration examples and screen shots. We would have liked to see an administrator-guide link or some kind of access to product documentation, either in the interface itself or in the start-menu shortcut folder on the server itself.
Lumension offers an excellent amount of both no-cost and paid support. Customers can access many options as part of their subscription cost of the software. Some of these options include 8 a.m. to 5 p.m. phone-based technical support, along with email support with one-day response and access to an online portal and knowledge base. Paid support offers a lot more, including 24/7 phone-based technical support, accelerated response times, remote health checks, dedicated technicians and many other features.With a price of just above $33,000 for a perpetual license, this product can be quite expensive for many environments. However, Lumension does offer a subscription-based model for those who wish to pay on an annual basis. We found this product to be an average value for the money. While it does offer some solid features, it is quite expensive given that the scope of the product is limited.