RSA Archer GRC Platform 5.3
June 03, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Scalability; enterprise-focused and content rich
- Weaknesses: Nothing technically; cost is something to consider; the real cool stuff requires multiple modules
- Verdict: Strong product in the GRC space. Does risk well when combined with RSA’s full offering
RSA Archer's Risk Manager is part of an enterprise GRC product portfolio sold and licensed as modules for audit, policy, risk, compliance, enterprise, incident, vendor, threat and business continuity management.
It is composed of three logical tiers - interface, application and database - deployed on two physical tiers, a web tier and a database tier, which can be hosted on one physical server or spread across multiple servers. In a single-host configuration, the platform requires Windows 2003 Server with SP1 or later, Windows Server 2008 or Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions. SQL Server 2005 SP3 or later, SQL Server 2008, or SQL Server 2008 R2 x64 editions are recommended. The product is scalable for large, enterprise-class deployments.
The risk module can be used standalone but, in reality, users will want to deploy it in conjunction with the enterprise (asset tool), incident and threat management modules for a complete view of risk. We reviewed the policy, risk and threat management modules.
The policy module comes out of the box with a wealth of content supporting popular regulatory standards, as well as content for best practice controls. Assessment questions are either based on industry-defined compliance questionnaires, such as fraud (Red Flags), standard information gathering (SIG) and PCI DSS, or tailored to specific authoritative sources, such as COBIT. These questions can streamline the process for defining appropriate compliance content, and they are easily tied back to one's internal standards. New in this version is the ability to add cost measurements to individual controls, so that users can now map individual control costs to the risk exposure.
The RSA Archer Risk Management Module enables users to proactively address risks to reputation, finances, operations and IT infrastructure as part of a GRC program. Archer takes both a qualitative and quantitative approach to risk.
The risk module is predominantly assessment driven. Assets can be imported from integrations with supported vulnerability, configuration management database or data leakage prevention vendors, or from third-party sources via an API-like data feed manager.
The Threat Management Module is updated in this release and has a built-in threat methodology to deliver threat assessments built on ISO and NIST. Vulnerability data comes in from numerous industry sources and correlates to assessment data to deliver remediation recommendations.
The report-building interface is solid and provides users with configurable dashboards. The platform employs a common data module across all its modules, so reporting, workflow and alerting for all functions work the same. We were shown one screen that had a clean, roll-up view of every module summary.
Basic support is included and provides eight-hours-a-day/five-days-a-week access. Enhanced assistance is available for 25 per cent of the purchase price and provides 24/7 access and priority response.