eGestalt Technologies SecureGRC

Powered by SC Magazine
 

It is a solid citation-based configurable risk model but is light on compliance content.

SecureGRC is a cloud-based, software-as-a-service (SaaS) enterprise application that provides security and regulatory compliance management. It unifies security monitoring and compliance into a single solution to address needs around risk management.

This is a young product, v1.0 shipped in August 2010. The beta version we were shown is due to be released soon. It focuses on the assessment portion of the risk effort. We were told that the final version will also support remediation through the integration of support for threat and vulnerability data.
The combined security monitoring and IT-GRC solution provides automation and integration of security and policy controls in a ready-to-use automation framework. SecureGRC currently comes with prepopulated content and support for PCI DSS 1.2 and HIPAA.

On the remediation options front, SecureGRC provides real-time status on the current state of security and compliance and then offers a checklist of questions that guides the process along, asking for proof of documentation to fulfill the compliance request. No prior knowledge of any particular compliance regulation is necessary in order to use SecureGRC. Users simply follow the application's list of instructions and upload the required documents, and the system will generate a report that can be presented to auditors to prove compliance.

The hosted model was developed with multitenant security in mind and includes security at all transmit and service levels. There is an option in the hosted pricing to pay as you use this tool, i.e., per assessment.  Subscription is $750 per year (MSRP) for SecureGRC SB and $9,100 per year (MSRP) for full SecureGRC. It is SaaS only, with no on-premise software.

The product takes an interesting approach to risk management, and we believe the final version - which includes more in-depth reporting and compliance content, and delivers on the remediation front - will be worth a look.

Copyright © SC Magazine, US edition


eGestalt Technologies SecureGRC
 
Overall Rating
Verdict:
If the product delivers as promised in final release, it is worth a look.
Product Info
Specs:
Version 1
 
Price when reviewed:
9000
 
 
 
Top Stories
Parliament passes law to let ASIO tap entire internet
Greens effort to limit devices fails.
 
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  5%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1388

Vote