Archer offers a platform for holistic integrated risk management solutions that empower enterprise organizations to more effectively manage risk, ensure compliance, and address emerging challenges.
N/A
Splunk Enterprise
Score 8.6 out of 10
N/A
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
RSA Archer is fantastic at cataloguing, personalizing assessments, raw reporting, and capacity to add custom fields. It is a little clunky around adding contextual information to notifications, peeking into data before attempting to load pages, quick navigation or determining linked (or sub-linked) relationships. These are all concerns that can either be worked around with an appropriate data scheme or with careful administration of the sub-routines.
I'm liking the newer products, and I'm looking forward to how they integrate with the overall product when they come together. Just log in and be able to query a large number of systems for similar issues or a unique one. That is a great fit for Splunk Enterprise, looking for a simple case or a simple String or something of that nature across multiple machines. It's a great fit for that to identify issues or particular software, whatever your scenario is, String, to find it across any particular server or group of servers, so that you can update or do a deployment or whatever it is you're looking to do.
Integration capabilities to multiple enterprise systems
Control standards and Procedures to address multiple regulatory/authoritative sources, standards and frameworks enabling test once satisfy many requiremnts
Rapid application development and User friendly tool with configuration capability to customize easily without user requiring programming or coding skills
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
Good tool to get the information communicated, approval workflow, and easy to add new findings/questionnaires. Seems to be compatible with different browsers and little downtime. Only request for improvement is to add an export feature with fewer clicks. Maybe batch export.
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Our RSA Archer team is dedicated to finding solutions for our organization. They haven't mentioned any issues with receiving support with deployment or bug fixes, and generally the platform is very dependable. They are always very excited about delivering a version upgrade and presenting any new features that provide more dashboards or chart types.
Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.
The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself.
It has been roughly 5 years since I have seen Securevue, so a lot can change, but to me it felt like several products were purchased and an attempt was made to piece them all together into a single solution (and I believe that may have been true). It also required agents on endpoints which did not fit the model I believed customers were looking for. MetricStream appeared to be difficult to install as it took their own engineers some time to get it installed in my lab environment. I did not think their web interface was as intuitive as RSA Archer. Customization to the platform was possible to some degree, but required a lot more work and technical skills than required by Archer. I did like the landing page for MetricStream which called out the important action items for the current user, but Archer v6.X now has this feature.
A lot of products have natively inside their own dashboards and or their own logging repositories. And each one is difficult to learn or they're too complex or they're not verbose in the sense that they're not easy to mine the data that you're looking for. So that could be anything from the native logging that you find in other Cisco products. It's easier to use Splunk to draw the data that you're looking for as opposed to going to the individual's products themselves to get the logs that you're looking for.
Splunk has allowed developers to diagnose production issues when access of control was taken away from them to be allowed to view items in production environments and I believe that is invaluable.
At times some developers weren't super happy about using it, but it was more of the fact that they were used to having production access and not creating their splunk queries to get information.
Going one place to view logs was very beneficial to have.