SailPoint Identity Security Cloud vs. ThreatConnect Risk Quantifier™ (RQ)

As discussed in previous sections, it does integrate well with other systems, and basic JML works well; it's very powerful and customizable in these areas (though also complex). The downsides are in areas like access reviews, where it's less customizable (no way to automatically send a review to the owner for a set of access items; each review needs an individual to be selected for it).

Incentivized

Well-Suited Scenarios: Reporting to management where financial risk metrics are required. - Vulnerability prioritization when you need to rank issues by real exploit risk and financial/business impact. Less-Appropriate Scenarios: Fast-changing cloud environments where asset data needs updates too frequently for accurate models required all the time. - Incident investigation, as ThreatConnect Risk Quantifier™ (RQ) is not designed for real-time check

• Brings users access, profiles and accounts all into one place
• Manages the Life Cycle Management process across ALL identities, permanent and Temporary
• Secures and manages access to critical applications and resources across the group
• Enables Info. Security to customise, share and delegate authority across the group
• Single version of the truth across our technology platform

Incentivized

• Provides scenario-based modeling to measure risk, which can be reduced through patches or new controls.
• Delivers technical-to-business reporting that supports remediation planning and financial budget planning.
• Ranks vulnerabilities by exploit risk and business impact
• Quantifies cyber risk in financial terms using vulnerability, threat, and asset data.

• The user interface is not very intuitive. It is hard for the occasional user to navigate through the request process. There are no instructions on the screen to help the user to know what to do. It is left up to the user to figure out what to click on and how to navigate through the process.

Incentivized

• Dashboards can be customized to offer more options, especially for technical teams that require deeper drill-downs and also more simpler and user-friendly.
• Processing large data files can be slow sometimes, especially during large builds or bulk updates.
• Risk modules sometimes need manual intervention for multi-client environments, which can be time-consuming.

Its a best tool for a CISO, works very well, easy to use, great connectors and integrations, great reports, automated reviews, full compliance, great support to a JML (Joiners, Movers and Leavers) project;

Always improving the UI, so it's getting better. Some areas are fully featured, but others, such as Separation of Duties reporting and policies, are very weak.

Incentivized

I rate ThreatConnect Risk Quantifier™ (RQ) an 8 because it’s generally easy to use once the integrations are set up. The dashboards, risk scores, and financial impact metrics are very straightforward and help make quick decisions for executives. However, the initial configuration and model tuning can be a bit complex it's not a perfect 10 for me.

Support for Customizations is very limited.

Incentivized

The first journey isn't easy because you need to win your internal process and problem concern and Sailpoint have many experience to support this phase, and make the real difference into the client experience;

The on-prem SailPoint IdentityIQ platform provides the necessary customization that is required in our dynamic environment. Although we may look at a cloud-based Identity Management service again in the future, (there are many advantages), our identity management, authentication, and application assignment processes cannot be quickly consolidated to a single cloud-based service at this time.

ThreatConnect Risk Quantifier™ (RQ) stacked up better than RiskLens, better for our organization, is mainly because it integrates directly with our scanners, SIEM, and CMDB, allowing automatic, real-time risk monitoring. It also combines exploit intel, asset value, and vulnerability data more efficiently, giving us clearer technical priorities for the business impact. We chose ThreatConnect Risk Quantifier™ (RQ) because it provides faster, more actionable risk scoring with less manual modeling than RiskLens.

• Over 300,000 password change/reset calls avoided to the helpdesk annually.
• 1,000 plus accounts with proper accesses provisioned via automated birthright processes weekly versus 1-2 days of manual provisioning and approvals. With a call center population that churns many people per week, this brings many dollars of efficiency to the operations teams.
• Flexibility on terminations to manage accounts and access for target applications based on regulatory or business rules to ensure compliance and avoid fines for non-compliance.

Incentivized

• Improved alignment between IT, security, and business teams because risk is measured in financial terms, not just technical terms.
• It gives leadership clear cost-based risk metrics, making it easier to justify security budgets and prioritize projects.
• Initial setup and data integration require time and more disruption to the existing setup
• Risk models sometimes need tuning, adding extra operational overhead.