Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Best Policy and Risk Management Products

Readers vote on the best risk assessment and modeling, and policy creation, monitoring and reporting products and services. IT governance, risk and compliance products and configuration management products were also considered.

Symantec Control Compliance Suite

Symantec Control Compliance Suite garnered the gold, winning high marks from readers for its ease of installation, configuration and administration. The product also drew raves for vendor service and support. Symantec Control Compliance Suite is a group of integrated products that combines point-in-time controls assessment and real-time monitoring of risks and threats to reduce compliance costs.

Tripwire Enterprise

Readers awarded the silver to Tripwire Enterprise, rating it highly for its granular and flexible policy management definition capabilities. The product also scored well in several other areas, including its ability to effectively identify policy violations and its reporting and alerting capabilities. Tripwire Enterprise combines configuration assessment and change auditing in a single infrastructure management system.

ArcSight Network Configuration Manager (NCM)

ArcSight Network Configuration Manager (NCM) earned the bronze, winning praise from readers for its granular and flexible policy management definition capabilities. Readers also liked the product for its ease of installation and administration and its return on investment. ArcSight NCM is an appliance to centrally manage network configurations, monitor compliance, and reduce workload through task automation.

"In general, policy and risk management are still two separate areas and both are showing quite a bit of promise. Policy management is further along in maturity. More maturity in risk management practices will ultimately be necessary to help move security [professionals] up the chain of command and give them more exposure and higher priority in the business." -- Chris McClean, analyst, Forrester Research


  Introduction and Methodology
  Best Antimalware Products
  Best Application Security Products
  Best Authentication Products
  Best Data Loss Prevention Products
  Best Email Security Products
  Best Identity and Access Management Products
  Best Intrusion Detection and Prevention Products
  Best Mobile Data Security Products
  Best Network Access Control Products
  Best Network Firewalls
  Best Risk and Policy Management Products
  Best Secure Remote Access Products
  Best Security Information and Event Management Products
  Best Unified Threat Management Products
  Best Vulnerability Management Products
  Best Web Security Gateway Products
  Best Wireless Security Products
This was last published in September 2009

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.