Agiliance RiskVision v7.0 (HF1)
Strengths: Visualisation capabilities, user interface is flexible, reporting and analytics, mobile device support.
Weaknesses: No SQL support, only MySQL.
Verdict: RiskVision is a full-featured risk solution covering all aspects of compliance, business and IT risk. The tool provides a holistic view of security and compliance in one integrated enterprise platform.
SummaryAgiliance RiskVision v7.0 provides a holistic view of security and compliance in one integrated enterprise platform that enables companies to move from a reactive threat-driven approach to a proactive, risk-aware posture. The Agiliance RiskVision platform brings together threat and vulnerability data, security configuration data, and compliance and risk assessments data. It manages organisational risk, regulatory compliance, security and incident response in a single data-driven system. RiskVision comes as a single platform with multiple modules that users can activate via licensing. These modules include compliance manager, enterprise risk, vendor risk, threat and vulnerability, policy and incident manager modules.
RiskVision can be used for both operational risk management and security risk management, providing organisations an integrated view of risk by correlating multiple frameworks to provide a unified view of enterprise risk for regulatory and audit compliance and IT risk - i.e., controls gaps, threat, vulnerability and incident remediation. The platform brings together threat and vulnerability data, security configuration data, as well as compliance and risk assessments. The tool allows users to employ the enterprise risk information to help provide visibility into business impact and prioritise IT risk remediation actions. RiskVision disrupts the established practice of performing risk management as continuous consulting and replaces it with continuous, automated software-based monitoring. Additionally, RiskVision correlates this data against its asset database as well as its common control compliance framework.
RiskVision has a strong out-of-the-box policy module that is built off of COBIT, ISO and NIST frameworks. There is a lot of pre-populated content for policy, assessment, controls and reporting. RiskVision offers a closed-looped remediation solution via its own ticketing and exception processes, as well as through integration with several ticketing and patch management solutions.
New to this version are more mobile device management vendor integration to help calculate risk from mobile devices and add mobile device data into the correlation engine. There is a new mobile HTML5 reporting interface, supporting any mobile device platform access into the tool. The reporting and dashboarding module has been updated. RiskVision has integrated with JasperReports Server, which delivers dynamic dashboarding reporting with detailed level drill down. Users can create ad-hoc reports easily on the fly. A simplified database schema has been created to make report creation easy through a wizard-driven interface. There are more than 400 charts and prebuilt dashboard templates available supporting performance and risk metrics (KPI/KRI), risk registers, and risk catalogue, including custom operational and business risks.
Agiliance RiskVision is delivered either as on-premise software running on hardware or as an on-demand cloud-based platform. It requires Microsoft Windows Server 2008 R2 and either MySQL 5.6.14 or Oracle Database 11g R2 for server-side deployment and a simple web browser and Adobe Flash v10 or higher for the client. Typical deployments range between 30 and 60 days.
Eight-hours-a-day/five-days-a-week support is included in a standard aid package and includes access to the company's support portal, knowledge base, best practices guides, how-to-videos, customer online forum and live technical staff (via phone, chat, email and WebEx), while 24/7 help is available as part of an extended support option. The standard fee is included in the purchase price of the software subscription. Extended support is £4,447 per year subscription.
Prices are US-based, thus indicative only.