Risk Analytics as a Service v4.1.0
Strengths: Handles Big Data very well, reporting, dashboarding and analytics.
Weaknesses: A lot of manual processes.
Verdict: Users expend a lot getting information into the tool, but once that task is done, the tool does a great job helping visualise and analyse it.
SummaryBrinqa Risk Analytics is an IT risk management and vulnerability risk management platform that provides a consolidated view of an organisation's risk factors. The Brinqa Risk Analytics Administration console enables data integration from security products and other data sources that are not able to "talk" to each other. Brinqa applications aggregate risk data, define and manage risk models, measure return on investment and risk reduction, and review metrics and trends.
The Brinqa Risk Analytics platform console provides users with wizards for completing various tasks and navigational features that are consistent throughout the application. The console is setup in a series of panels, with each related to one of the risk module wizards. Users have a common view of data across all modules including risk management, vendor risk management, threat and vulnerability management and incident management.
This is a risk object driven tool. Users start by manually importing assets using the connectors that come with the product. Policies are also imported. The user interface walks users through mapping object to domains and domains to workflows. Brinqa has an open content framework that has some light content out of the box, but users will more than likely import their own. Setting up the connectors, models, controls and process workflows are manual, but they are fully reusable. The risk assessment module is passed on PCI control sets. Assessments are used to collect data. Users have some pre-built content and a wizard to develop one's own. Assessment lifecycle management includes stages for creating, answering and reviewing assessments with stage notifications built in.
The reporting and analytics capabilities were impressive. The approach Brinqa took to designing the data management system, i.e. Big Data architecture, really makes it easy to aggregate data across all areas and create ad-hoc on-the-fly reports and dashboards. The reporting module is graphical and business intelligence driven. The analytics capabilities, what-if analysis and trending were also well done. Using the analytics tools users can create metrics across any sets of data and even create useful, focused metrics to track things like incident management, virus protection, patch management, vulnerability management and change management metrics. The useful part of the analytics tool was that these metrics had a lot of additional information beyond simple counts. Some example metrics include mean time to mitigate metrics, percentages of systems patched as an example, SLA management, and frequency of threats/vulnerabilities.
Brinqa can be deployed as a cloud-based solution or as on-premise software. The supported server platforms for on-premise include: Oracle Solaris 9, 10; HP-UX 11iv2, 11iv3, IBM AIX 5.2, 5.3, 6.1; Red Hat Enterprise Linux Server 3, 4, 5; OpenSolaris 2008.05, 2008.11, 2009.06; SuSE Linux Enterprise Server 9 SP2, 10, 11; Windows NT 4.0; Windows Server 2000, 2003, 2008; Windows Vista/XP, Windows 7, z/OS v1.6 - 1.11. The application server is supported on Apache Tomcat, Oracle WebLogic Server, IBM WebSphere, Sun Java System Application Server, Sun GlassFish Enterprise Server. Supported database systems include IBM DB2 9.1, 9.5, 9.7; Microsoft SQL Server 2000 SP3, 2005, 2008; MySQL 5.0, 5.1; Oracle 10g, 11g.
Basic support is included in the license fee and includes phone and email access, and 24/7 access is by online support portal. No other support options were provided. Documentation is built-in and accessible from the application.
Prices are US-based, thus indicative only.