Modulo Risk Manager v8.1
Modulo offers three forms of pricing: perpetual, subscription and SaaS (by number of assets, starting at 500 for a small enterprise). SaaS is $28,500 annually (includes all hosted hardware and configuration); subscription is $19,500 annually (rented license on the client’s hardware); a perpetual license is $48,500 (purchased license, hardware not included). All prices include one year of maintenance and support.
Strengths: Graphical risk maps, new mobile support, analytics ability, integration.
Weaknesses: None noted.
Verdict: Strong all around, from risk process, usability, level of integration, reporting and delivery of the content in a usable format.
Modulo Risk Manager is a single, fully integrated platform for organizations to automate and unify their IT governance, risk and compliance (GRC) processes. Based on an intuitive and flexible workflow, the tool enables organizations to identify, analyze, evaluate and treat risks across the enterprise. By mapping IT and non-IT assets to business processes, Modulo adds business relevance to operational data for risk-based analytics and decision making.
It is offered either as a hosted SaaS solution or as an on-premise software deployment. The on-premise offering has two licensing models: perpetual (the user buys it) or subscription (user's hardware, license rented). The on-premise solution requires MS Server 2008 R2 64-bit, .NET Framework 3.5 and MS SQL Server R2 Standard Edition 64-bit. The web server has similar Windows requirements, and further needs .NET 4.0 and a valid SSL digital certificate.
The offering manages risk, policy and compliance with multiple regulations, internal policies and standards. The MetaFramework is aligned with ISO 31000 and delivers a substantial knowledge base to reference. The solution includes the five core domain modules: management of risk, compliance, policy, workflow and knowledge.
The solution has vast support for integrating data from many directory, network, security, vulnerability and asset management systems. Enhanced in this version is an innovative, open way to automate the collection of information from third-party devices through its open source GRC collectors, dubbed modSIC, for Modulo Open Distributed SCAP (Security Content Automation Protocol) Infrastructure Collector. modSIC provides a common platform for developing a service to collect and analyze technology assets based on the open SCAP standard. Data can be collected based on a custom model or by using public knowledge bases through OVAL (Open Vulnerability and Assessment Language).
There are several new features to the product in v8.1, the most notable of which is an automated workflow component. The tool moves tasks through the entire risk process. There are also options for incident management with a strong tree mapping style report. The vendor risk and business continuity management (BCM) functions are new. This module provides an efficient integration capability to easily link one's risk to the business continuity plan for the organization, including operational, financial and regulatory. With a new social integration capability, one can also collect social data and measure image impact.
Reporting and visual representation of the information is strong. Tools, such as tree maps and geo mapping, have been enhanced. Plus, there are effective "what if" tools available. New to this version too is a Big Data management feature, and the delivery of more predictive analytics. However, the real strength of this tool is the correlation and visualization of the massive amount of collected data into a manageable and usable format.
Eight-hours-a-day/five-days-a-week standard support is included for the first year. There are premium support options available for a 20 percent fee for both the SaaS and software versions. These are available by phone, email or web. - ML