Agiliance RiskVision v5.0
Strengths: Very mature look and feel, strong alerting, workflows, great visuals
Weaknesses: Connector support
Verdict: Decent solution but takes some time to deploy. Comfortable usability and great vendor management option
Agiliance RiskVision is a browser-based automated GRC solution. It consists of six manager modules: enterprise risk; policy; compliance; vendor risk; threat and vulnerability; and incident.
RiskVision gathers data from security solutions, scanners and SIEM products and aggregates this data for use with risk modelling and compliance purposes. The data from the various scanners is presented in a single common format. It also automates compliance assessments and can utilise data about threats and vulnerabilities during the compliance process.
The solution provides an easy to use user interface for building reports, creating and managing workflows and the remediation of issues through tickets or exception management. We liked the ticketing capability and the ability to generate a remediation workflow to track the resolution of that ticket. The UI and dashboard was very strong, clean and sharp. It was easy to manoeuvre through the various modules and menu options.
RiskVision can obtain information from numerous sources through the use of connectors. Some of the supported connectors include: IBM's Proventia Management SiteProtector and Rational AppScan; HP WebInspect and Service Manager; Microsoft Active Directory; McAfee Vulnerability Manager; ArcSight; VeriSign iDefense; and QualysGuard. In addition to these applications it also provides a set of generic connectors including automation, database, web services and flat file connectors.
Reporting was very strong. We liked the workflow tools that were provided and the numerous customisable templates that came with them. There is a substantial amount of content provided out of the box, but you do have to perform a large amount of set up in creating initial risk and incident definitions. Typical initial deployments usually take 90 days.
The product is sold as a software solution with the following requirements for installation: Microsoft Windows Server 2003, MySQL 5.1.34, web browser (IE 6.0, 7.0 or Firefox 3.0) and Adobe Flash v10 or higher. Professional services are provided to assist with information gathering, design and deployments.
Agiliance RiskVision is a decent solution and good value for money. It is easy to use and has a great vendor management option.