Modulo Risk Manager v8.1
June 03, 2013
SaaS: c£18,300 annually; subscription: c£12,524; perpetual licence: c£31,149 (hardware not included) (All based on number of assets, starting at 500 and includes one year of maintenance and support)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Graphical risk maps; new mobile support; analytics ability; integration
- Weaknesses: Nothing to note
- Verdict: Strong all around; from risk process, usability, level of integration, reporting and delivery of the content in a usable format
Modulo Risk Manager is a single, fully integrated platform for organisations to automate and unify their IT GRC processes. Based on an intuitive and flexible workflow, it enables organisations to identify, analyse, evaluate and treat risks across the enterprise. It adds business relevance to operational data for risk-based analytics and decision making by mapping IT and non-IT assets to business processes.
It is offered as both a hosted SaaS or an on-premise software deployment. The on-premise offering has two licensing models: perpetual (the user buys it) or subscription (user's hardware, licence rented). The on-premise solution requires MS Server 2008 R2 64-bit, .NET Framework 3.5 and MS SQL Server R2 Standard Edition 64-bit. The web server has similar Windows requirements, and further needs .Net 4.0 and a valid SSL digital certificate.
The solution manages risk, policy and compliance with multiple regulations, internal policies and standards. The MetaFramework is aligned with ISO 31000 and delivers a substantial knowledgebase to reference. It includes the five core domain modules: management of risk, compliance, policy, workflow and knowledge. The demo we were provided with also included modules supporting management of vulnerabilities and threats, vendor risk and business continuity. It is important to note that these modules are optional and can drive up the cost of the overall solution.
Modulo Risk Manager has vast support for integrating data from many directory, network, security, vulnerability and asset management systems. Enhanced in this version is an innovative, open way to automate the collection of information from third-party devices through its open source GRC collectors, dubbed modSIC, for Modulo Open Distributed SCAP (security content automation protocol) Infrastructure Collector. This provides a common platform for developing a service to collect and analyse technology assets based on the open SCAP standard. Data can be collected based on a custom model or by using a public knowledgebase through OVAL.
There are several new features in v8.1, the most notable of which is an automated workflow component. The tool moves tasks through the entire risk process and there are options for incident management with a strong tree mapping-style report. The vendor risk and business continuity management functions are new. This module provides an efficient integration capability to easily link one's risk to the business continuity plan for the organisation, including operational, financial and regulatory. With a new social integration capability one can also collect social data and measure image impact.
Reporting and visual representation of the information is strong. Tools, such as tree maps and geo mapping, have been enhanced. Plus, there are effective 'what if' tools available. New to this version are a Big Data management feature and the delivery of more predictive analytics. However, the real strength is the correlation and visualisation of the massive amount of collected data into a manageable and usable format.
Eight-hours-a-day/five-days-a-week standard support is included for the first year. There are premium support options available for a 20 per cent fee for both the SaaS and software versions.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry