informa
News

Upstart Vendor Promises Compliance, Risk Management

Securityworks software can prescribe compliance controls, monitor security posture, and help set IT priorities

Securityworks, a former consulting company, Monday will re-launch itself as a software vendor that offers specialized tools for managing security compliance and risk management processes.

The software, dubbed Visible Security 3.0, is the latest entrant in the emerging race to provide IT governance, risk, and compliance (IT GRC) tools for large enterprises that must comply with multiple regulations. Securityworks developed earlier versions of the package for one of its largest consulting clients, but the 3.0 release will be the first to be broadly offered to all businesses.

IT GRC products help companies manage their regulatory compliance projects and monitor their security risk by extracting and manipulating data from security applications, project management data, and management surveys. IT GRC tools are particularly useful for dealing with auditors, because they offer a single view of an enterprise's compliance progress and security posture.

"IT GRC is supported by an emerging set of capabilities that can improve an organization’s external audit posture, reduce compliance reporting costs, and improve an organization's ability to effectively address IT risks," according to Gartner. "By year-end 2008, 40 percent of large enterprises will implement four or more of the eight basic IT GRC management functions."

The market for IT GRC products is becoming increasingly competitive, as vendors of risk management, compliance reporting, and security information management products jump into the arena.

"If you look at other IT GRC products out there so far, you'll see that they're mostly products that were originally developed to do something else, like vulnerability scanning," says Bryan Fish, president of Securityworks. "Our product was built from the ground up for the specific purpose of handling these risk and compliance problems. We're not trying to fit a square peg into a round hole."

Some of the runners in the IT GRC race include Agiliance, Brabeion, eIQnetworks, and IBM. One analyst thinks that Securityworks will be able to hold its own in that company.

"Securityworks has taken a dramatically more business-centric approach to risk and compliance management than most of the enterprise software market," says Brandon Dunlap, managing director of research at Brightfly Inc. "Securityworks smartly avoids overblown marketing hype and instead focuses on pragmatic solutions that solve real-world problems."

Among its features, Visible Security 3.0 has the ability to collect data about a company's regulatory compliance efforts and match it against the specific requirements outlined in the regulations. The software can also make recommendations on which business applications and systems must meet the most stringent security requirements, and which ones don't.

"There's a school of thought that says if you have to meet security requirements for multiple regulations, you should just adapt your systems to meet the most stringent requirements in each of them," observes Fish. "But organizations that take that across-the-board approach are finding that they're spending much more money and time than they need to. Our software can tell them which systems really need to meet those requirements."

Visibile Security 3.0 also has the ability to collect data about the security status of systems around the enterprise, apply metrics, and deliver an overall rating of the company's security posture, Securityworks says.

And by combining data about security requirements, risks, and current status, Visible Security 3.0 can also make recommendations on where a a company's weaknesses are and which projects it should do next. "It helps you set priorities, which is something that can be very difficult when there are so many conflicting requirements and potential threats out there," Fish says.

How much does Visible Security 3.0 cost? Your guess is as good as ours. Fish declined to even give a range of prices. He did say that the software is priced in a traditional licensing model, with maintenance fees. Securityworks also offers optional professional services, which would add to the cost of implementation. The software is available now.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Agiliance Inc.
  • Brabeion Inc.
  • eIQnetworks Inc.
  • Gartner Inc.
  • IBM Corp. (NYSE: IBM)
  • Securityworks
  • Recommended Reading: