eGestalt Technologies SecureGRC

Powered by SC Magazine
 

It is a solid citation-based configurable risk model but is light on compliance content.

SecureGRC is a cloud-based, software-as-a-service (SaaS) enterprise application that provides security and regulatory compliance management. It unifies security monitoring and compliance into a single solution to address needs around risk management.

This is a young product, v1.0 shipped in August 2010. The beta version we were shown is due to be released soon. It focuses on the assessment portion of the risk effort. We were told that the final version will also support remediation through the integration of support for threat and vulnerability data.
The combined security monitoring and IT-GRC solution provides automation and integration of security and policy controls in a ready-to-use automation framework. SecureGRC currently comes with prepopulated content and support for PCI DSS 1.2 and HIPAA.

On the remediation options front, SecureGRC provides real-time status on the current state of security and compliance and then offers a checklist of questions that guides the process along, asking for proof of documentation to fulfill the compliance request. No prior knowledge of any particular compliance regulation is necessary in order to use SecureGRC. Users simply follow the application's list of instructions and upload the required documents, and the system will generate a report that can be presented to auditors to prove compliance.

The hosted model was developed with multitenant security in mind and includes security at all transmit and service levels. There is an option in the hosted pricing to pay as you use this tool, i.e., per assessment.  Subscription is $750 per year (MSRP) for SecureGRC SB and $9,100 per year (MSRP) for full SecureGRC. It is SaaS only, with no on-premise software.

The product takes an interesting approach to risk management, and we believe the final version - which includes more in-depth reporting and compliance content, and delivers on the remediation front - will be worth a look.

Copyright © SC Magazine, US edition


eGestalt Technologies SecureGRC
 
Overall Rating
Verdict:
If the product delivers as promised in final release, it is worth a look.
Product Info
Specs:
Version 1
 
Price when reviewed:
9000
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 432

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 208

Vote