October product reviews: Risk management
This month we take another look at risk management tools, a group that is evolving and continuing the trend of adding new features and taking interesting approaches like dramatically increased automation. In our view, automation is a crucial component of these risk management solutions since adequately and efficiently conducting risk management has exceeded the scope of purely human analyst capabilities.
Ever-changing compliance requirements and the growing threat landscape, too, mandate the need for sophisticated and comprehensive security solutions.
Risk management tools detect assets on a
network and can ingest and understand network traffic flow. We saw a generous
amount of automation incorporated into many of the solutions we tested,
including the ability to automatically detect assets, provide remediation
suggestions and execute critical incident response processes. Understanding
some analysts prefer to be more hands on, we affirm automation is an important
asset, driving analysts to work alongside risk management tools in the
decision-making process.
An important part of risk management – and the capabilities these
solutions provide – is gaining a comprehensive overview of risk across an
environment. Apart from reaching compliance and bolstering security posture,
these tools can assist in determining whether organizations are fully reaping
the benefits of other security tools.
Risk Management
Our annual return
to the risk management space found that evolving regulations and compliance
frameworks have placed increasing demands on security teams. The complexities
of accommodating a proliferation of devices being brought into the workplace,
coupled with a shifting compliance landscape, have elevated the importance of
these tools. As the frequency, sophistication and scope of routinely faced
threats grow, so too does the need for similarly sophisticated and
comprehensive security solutions.
Incorporating automation into the process is a crucial element in the
latest crop of risk management tools. And the vendors deliver. Balbix, for
example, categorically affirms risk management is no longer within the scope of
being a human-scale problem, and we quite agree. Organizational infrastructures
encompass too many facets for automation to not be part of the risk management
picture. Additionally, the costs and repercussions associated with compromised
assets and stolen information mandate comprehensive visibility across a wide
spectrum of information assets so security teams can get their arms around
safeguarding an infrastructure.
The tools we tested understand networked assets and the traffic flow of
data required to access them. They
provide great insights into who owns assets, , as well as the likelihood
and potential impact of them being breached.
From a high-level perspective, the products all aim to achieve the same
thing. But the methods used to manage risk can vary dramatically from one
product to another. Some solutions offer extensive automation; others, very
little. While we understand in some cases security teams prefer to be more
hands-on and have more control over granular aspects of solutions, we believe
that automation is the best way to achieve visibility into environmental risks,
reach maximum security efficiency and sustain compliance.
Among the more impressive features we noted were automatic asset
identification, prioritized remediation suggestions and extensive
decision-based reporting. Remediation suggestions assist analysts in making
decisions and increase efficiency in the overall process. Extensive reporting
options provide visibility into metrics, offering analysts and stakeholders
alike a quick, at-a-glance view. Understanding the assets available in an
environment and how they apply from an organizational, business practice
standpoint are key to the decision-making process.
We saw many familiar faces in the products reviewed this month, along
with some new ones. We are always excited to see how solutions have grown since
the last look and were pleased to find several notable improvements.
PICK OF THE LITTER
The functionality of AlgoSec’s highly intuitive chatbot, AlgoBot, coupled with the platform’s zero-touch automation/orchestration capabilities and competitive price point makes the AlgoSec Security Management Suite an SC Labs Best Buy.
SAI Global is able to deliver proactive risk management and business continuity across an enterprise and beyond with SAI360 for Digital Risk. This proactive approach along with the integrated Learning Platform make SAI360 for Digital Risk our SC Labs Recommended product in this month’s round of testing.
Gloss