Best of Policy and Risk Management 2012

Readers' Choice Awards 2012

Best of Policy and Risk Management 2012

Readers vote on the best Policy and Risk Management products in 2012: Risk assessment and modelling, and policy creation, monitoring and reporting products and services. IT governance, risk and compliance products, and configuration management.

In this part:

Gold: VMWare VCenter Compliance and Configuration Manager, VMware

Readers resoundingly awarded VMWare VCenter Compliance and Configuration Manager with the gold in the policy and risk management category. While the product scored highest in vendor service and support, it also earned noteworthy scores for ease of installation, configuration and administration, and granular and flexible policy management definition capabilities.

VMWare VCenter Compliance and Configuration Manager is designed to automate configuration management across virtual and physical servers, workstations and desktops. It automates tasks such as configuration data collection, compliance assessment, patch management and OS provisioning. It can also be used to continuously audit the configurations of VMware infrastructure as well as Windows, Linux and Unix OSes. Compliance templates can be used to assess configuration compliance with industry and regulatory mandates such as SOX, HIPAA and PCI-DSS. The product is also designed to manage clouds built on VMware technology, as it features integration with vSphere and hardening capabilities for VMware infrastructure.

Readers were very complimentary of VMWare VCenter Compliance and Configuration Manager, frequently describing the product as good, excellent and solid. One reader wrote, "It just doesn't get any better than this for VMware environments."

Expert's market reflection: "Vendors offering policy and risk management capabilities are incredibly diverse, with some focusing on documentation, others focusing on automating processes. Most organizations see value in getting a better handle on their compliance and risk posture, but with so many choices they have to carefully discern what exactly these vendors have to offer." -- Christopher McClean, senior analyst, Forrester Research

Silver: RSA Archer eGRC, RSA, The Security Division of EMC

RSA Archer eGRC snagged the silver, winning readers over with its reporting and alerting capabilities and granular and flexible policy management definition capabilities. Readers also said the product effectively identifies security risks and policy violations. RSA Archer eGRC is allows organizations to manage the lifecycle of corporate policies, assess risks, and report compliance with internal controls and regulatory requirements. It provides integration with RSA, EMC and third-party products and provides real-time visualization of an enterprise's risk profile and compliance status.

Bronze: FortiManager, Fortinet

Fortinet FortiManager won the bronze with high scores for its reporting and alerting capabilities, effectively identifying security risks and policy violations, and for vendor service and support. Fortinet FortiManager appliances provide centralized configuration, policy-based provisioning, and update management for Fortinet devices. Features include the ability to manage up to 5,000 devices and virtual domains and up to 120,000 FortiClient agents from a single interface. FortiManager also provides the ability to streamline management of large deployments by grouping devices and agents into administrative domains.