Vendor: Allgress Inc.
Product: Allgress Insight Risk Manager
Price: Starts at $19,500 annual subscription pricing for a medium size environment
- Automation makes managing the entire risk management lifecycle a breeze.
- None that we observed.
- The continued ease of use paired with numerous preconfigured compliance frameworks makes this a product you want to test in your environment.
SC Labs Reviews
Reviews from our expert team
Tested by: Matthew Hreben & Katelyn Dunn
Allgress provides automated and integrated IT security, compliance and risk management Solutions to organizations and their business partners to meet business risk objectives, without necessitating an army of consultants. The Insight Risk Manager platform is modular and includes third party vendor management, audit, security and compliance assessment, vulnerability analysis, risk analysis, risk register, risk exception, policies and procedures and incident management. It is targeted toward mid-sized to enterprise-level users, but mostly driven by risk management team size.
Allgress Insight Risk Management Suite can be broken into three main areas: data sources, compliance processes and visualization. It gathers data from AWS configurations and accounts, third parties, policies and content, audits and assessments, vulnerability scanners and other security tools, as well as any other relevant business metrics. This data is then analyzed for the compliance process and continuous monitoring, for unlimited regulatory frameworks, normalization and life cycle management. These two areas flow into visualization of business relevant risk reports and metrics, compliance and audit reporting and remediation, workflows and security reporting. This visibility breakdown is structured to make interpretation quick and understanding simple.
The Standard Manager lets users pull up benchmarks within any compliance framework (downloadable from their compliance library, composed of 50+ built-in standards that Allgress actively maintains) to drill down into the controls and subsequent details like descriptions and remediations. Allgress comes preconfigured with numerous industry standards including, but not limited to: NIST, ISO, UCF, SOX, HIPAA and PCI-DSS. It is notable that Allgress was the first company in the space to use the AWS API to help clients with regulation. The RPM Mapping Tool takes information from AWS and other third-party vendors and maps it to particular standards, displaying which products meet what controls in the different compliance frameworks.
Allgress does not just provide standards information. It also has a unique capability surrounding the mapping and visualization of compliance. This mapping can occur across standards and frameworks to eliminate redundant controls covered by another implemented standard. The mapping explorer will report back what percentage of coverage per standard and how many controls are mapped versus unverified.
On the backend, the platform allows for mapping policies to any control framework. With the Standard Coverage Wheel Chart, Allgress gives full visibility in a clean wheel graph that shows users where they are compliant and where their gaps are. It is completely intuitive and users can use the drop-down-list to bounce between their different frameworks.
Arguably the most striking feature of this platform is the Standards to Standards Map. It literally lays out the controls of two selected frameworks in separate lists and draws lines connecting their related controls. Users can work their way down the list in this side-by-side mapping and click each individual control in one framework to see the one-to-one, or one-to-many relationship with the controls of the framework comparison. This information is displayed in a pop-out window, outlining the detailed information of those highlighted controls.
Mapping with Allgress does not just increase visibility, it is actionable. Users can link maps to a project creation workflow, maintaining the organization’s standards and controls relationships from project to project across multiple years. Allgress offers training services for this program and, if desired, can be very hands-on with their clients in process and workflow building.
Allgress offers users a holistic, enterprise-wide risk view to turn data into actionable decisions that align with their personal top business priorities, employing quick time-to-value and automated prioritizations of those risks. With flexible deployment options, fast implementation and consistency/integration across the board, this intuitive platform is cost-effective to purchase and maintain.