Modulo Risk Manager v7.6
Perpetual license: $48,500 (purchased license, hardware not included); Subscription: $19,500 annually (rented license on the client’s hardware); SaaS: $28,500 annually (by number of assets, starting at 500 for a small enterprise); all prices include one-year maintenance and support.
Strengths: Measures risk from all angles; massive knowledge base for content and connectors; mobile App support.
Weaknesses: None of note.
Verdict: Truly takes massive amounts of complex data and easily represents it in a single risk score. Covers risk for all aspects – business, IT and physical assessments. We ran out of words to describe all the features of this product, so we’ll just make it our Best Buy.
Modulo Risk Manager is a single, fully integrated platform for organizations to automate and unify their IT governance, risk and compliance (GRC) processes. Modulo Risk Manager automates the process of identifying, analyzing, evaluating and treating risks across the enterprise - reducing complexity and costs and offering visibility into the risk management process by identifying risk, measuring the impact to the business and tracking what the organization is doing about it.
Modulo Risk Manager is offered either as a hosted SaaS solution or as an on-premise software deployment. The on-premise offering has two licensing models, perpetual (one buys it) or subscription (user's hardware, rent the licenses). The on-premise solution requires MS Server 2008 R2 64 Bit, .NET Framework 3.5 and MS SQL Server R2 Standard Edition 64 Bit. The web server has similar Windows requirements.
The product is a set of modules that includes risk management; compliance management; policy management; continuous monitoring supporting ongoing monitoring of risks and controls across the portfolio of client products, including vulnerability assessment, security information and event management, intrusion detection system and intrusion prevention systems products; vendor risk management; audit management; incident management; asset management and knowledge management. IT risk and vulnerability management integration is included and supports integration with popular vulnerability scanners.
Based on the ISO 31000 standard, the Risk Manager Module provides tools to inventory, analyze, evaluate and manage/mitigate risks. It delivers quantitative and qualitative information on identified risks and helps to prioritize actions. Risk is calculated using three dimensions: probability, relevance and severity. There is a complete incident management tool for addressing risks and non-compliant assets, allowing one to monitor progress through a comprehensive incident and workflow-management system. This function has been updated in this revision and provides better automated remediation options. One can easily automate the asset management process by providing asset inventory (both technology and non-technology-oriented assets, such as people, processes and facilities) that are imported from a number of third-party sources. The audit function is easy to use and, as mentioned above, has a ton of prepopulated content. The assessment process is done via email, but there is also a mobile application that allows users to not only answer questions but also upload evidence from a mobile device. The output of these modules provides a clear, comprehensive and prioritized view of risks and vulnerabilities, while integrating IT assets, resources, environment and processes into a single platform.
The reporting and visual dashboarding capabilities are as strong as any we've seen. One has role-based dashboarding, easy-to-use report editors and, most importantly, a correlated view of all risk aspects in the enterprise.
Maintenance and support are free for the first year and cost 20 percent of the purchase price thereafter for perpetual licenses included in the SaaS fees. This is a complete offering for managing risk. We wish we had more space to fully cover the other features we liked.