LockPath Keylight v3.0
June 03, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Great visualisation; links risk to elements
- Weaknesses: Delivers a lot, but at a high price
- Verdict: Has what is needed to manage risk and compliance
LockPath Keylight is a family of applications that includes management of compliance, threats, risks, vendors, incidents and business continuity. It is centrally managed and has a single sign-on system with configurable permissions that allow multiple users to manage different aspects of the system.
The tool is delivered either as a cloud-based SaaS or an on-premise solution. The SaaS model simply requires a modern browser and internet access. The on-premise offering is built on the Microsoft platform, using .NET and C# with SQL as the backend database. We were told that a typical deployment could be installed and configured for use in 30 days.
Keylight's Risk Manager provides a comprehensive set of tools to identify, assess and prioritise the most relevant risks for an organisation. Risks are captured from multiple sources, including user entry, compliance, policy and risk assessments, and integration with network and security devices. There is a substantial list of built-in connectors for plugging into network and security products.
The Threat Manager provides vulnerability remediation and has the ability to integrate with several vulnerability scanners, including products from Qualys, Nessus and Rapid7. Once risks are captured, Keylight includes a configurable workflow engine that can move risks between individuals and groups. This is configured through a menu-driven wizard and requires no custom code. The same workflow tool is integrated through the entire product suite.
The Dynamic Content Framework allows users to customise all the risk elements and to even create custom risk types. Users also have the ability to cross-relate objects from all applications, such as policy to a risk, or a risk to a business continuity plan.
The offering has a questionnaire-driven compliance module. Its questionnaire templates are easy to create and customise, right down to custom scoring, with the ability to flag questions and route them through additional workflow steps, such as a mandated review process. LockPath Keylight also includes a full policy management suite, which offers the ability to import or build policies, move policies through a configurable workflow process and relate policies to regulations within a content library. Another module, Incident Management, is also fully integrated and uses the same email-driven workflow described above.
We were not provided with a lot of detail on the Business Continuity Manager, but wanted to mention that it offers the ability to generate, test and report on business continuity planning (BCP) readiness. There is also a Vendor Management module for extending assessments to vendor partners.
The reporting capabilities are strong. All the reports are created through a simple, drag-and-drop interface and everything is available to report on: risk objects, policy exceptions, tying of a risk to a policy exception, etc. One can view data in user-configurable dashboards, heat maps or detailed drill-down reports. The heat map view is one of the better visuals we saw in this group test.
Support is included in the licence price. There is only one option: eight-hours-a-day/five-days-a-week, with assistance available via phone, web or email. Documentation is built into the product as online help, which is well done.