Vendor: Acuity Risk Management
Price: $1,995 (Personal Edition) or $3,390 (Server Edition)
- STREAM’s quantitative approach empowers proactive risk management by quantifying risk in financial terms.
- The user interface is aesthetically outdated.
- The software solution is a highly configurable, scalable and framework agnostic offering real-time updates and actionable data for a complete picture of all the information required to understand cyberrisk status.
SC Labs Reviews
Reviews from our expert team
STREAM is a risk management and compliance solution that gives visibility into risk levels by quantifying cyberrisks. It projects ROI by showing the potential repercussions of identified risk, quantifying the value gained through security expenditures and prioritizing risks based on the remediation costs. The solution is highly configurable, scalable and framework-agnostic, offering real-time updates and actionable data. It simplifies complex relationships within risk management. Threats, controls, vulnerabilities, test results, incidents, issues, audit findings and actions are aggregated to provide a complete picture of all the information required to understand cyberrisk status.
On-premises and SaaS options have identical interfaces. It links all governance risk and compliance data objects to provide comprehensive visibility of data and assist security professionals in making decisions by providing quantified cyberrisk.
Although the user interface could be enhanced to improve ease of use, it is configurable down to the individual user level, with multiple home pages displaying a variety of data protected by role-based access privilege. A unique aspect of the interface, the Enterprise Tree feature, is flexible and highly scalable and delivers at-a-glance risk views. The tree displays risk information, such as where it exists, the number of controls mitigating it and quantitative expected loss values that represent the potential financial impact of a breach.
STREAM uniquely supports both qualitative and quantitative risk assessments. Quantitative assessments record the range of potential losses with an estimation of confidence of that range resulting in an overall loss magnitude score. The expected likelihood of a loss event frequency is configured by leveraging statistical analysis. This analysis projects the expected loss per year from the losses that are estimated as most likely to happen. Loss Exceedance, the probability of losses exceeding a certain amount, is graphed alongside potential risk, current risk and risk tolerance. Since most cyberevents tend to follow a normal distribution (as it relates to loss magnitude and frequency of risk occurrence), this quantitative approach helps promote a proactive risk management posture.
Starting price for single user (Personal Edition) is $1,99,5 including support and software upgrades. Starting price for multi-user (Server Edition) is $3,390 including support and software upgrades. Three-hour response support (phone, email, web, knowledgebase, and FAQs), error correction, and free software upgrades come standard with any subscription. Priority Support (one-hour help desk response) is available for an additional charge. Support is offered 8/5.
Tested by Matthew Hreben