Lumension Risk Manager v4.4
June 03, 2013
From £5,000 for 100 nodes for Lumension Risk Manager Platform, 100-node/subject licence and connector development kit (Unified Compliance Framework (UCF) content sold separately)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Interface provides a great user experience; out-of-the-box controls and the ability to overlap them to multiple mappings
- Weaknesses: Pricing per node and additional fees for UCF content can make this expensive for a larger enterprise
- Verdict: Good survey-/assessment-driven compliance and business risk tool
Lumension Risk Manager (LRM) is a compliance and risk management solution that provides a framework for streamlining compliance management and assessing business risk. It provides visibility into compliance and risk through four capabilities: risk profiling, controls framework, controls assessment and risk/compliance reporting.
It is delivered as on-premise software running on the customer's own hardware. It is a Java-based web application running on a Microsoft Windows Server that can be viewed on any MS Windows-compliant device. LRM deploys on Windows 2005-2008 and SQL Server 2005 through 2008 R2.
LRM is geared to providing end-to-end visibility of all control activities needed to ensure protection of information. It harmonises common controls from more than 450 regulatory standards into a single set of controls, thus easing the burden and duplication inherent in manual compliance management practices. In short, it can assess a single control once and apply it to any standard or regulatory requirement. The tool's Risk Intelligence Engine allows it to easily correlate an organisation's policy against regulatory standards while measuring the business risk of vulnerabilities in an IT environment.
Its risk profiling offers modelling of the risk between IT assets and the business interest. Assets can be brought into the system with its Connector Development Kit. There are a few prebuilt connectors for SIEMs, vulnerability scanners and patch management solutions. There is also a published application programming interface (API) for bringing in asset data and other security data. Framework controls capture control requirements mandated for the proper level of risk mitigation. This effort maps controls to satisfy compliance requirements.
The Assessment controls function assesses the technical, physical and procedural controls to provide a single view and measure of compliance. Risk and Compliance Reporting delivers a metrics-driven set of reports supporting executive decision-making all the way down to detailed reports for external auditors. The reporting and dashboards make it easy to show a risk picture to any level of user - from executive to analyst.
The survey process drives the business risk assessment and covers areas such as vulnerabilities, environmental/natural risks, loss or theft risk, and regulatory failure. LRM uses analytics to assist in the review of risk. Administrators can employ the heuristics engine to effectively analyse control scores to discover patterns, such as a certain group of subjects that contribute disproportionately to a poor compliance score, or a certain type of control that fails across a broad array of subjects. Patterns in scoring information can be quickly identified so that high-value remediation efforts can be prioritised.
To assist in managing the raw amount of data associated with each of these, LRM analyses the data and puts it into a category of meaningful, neutral or less meaningful. Each of these can be assigned a custom risk value that rolls up into the final risk calculation.
Lumension provides both standard and premium support options as part of the software's subscription cost; these include phone-based technical aid, email assistance with one-day response and access to the Lumension online customer portal and knowledgebase.