RSA Archer - A Straight Shot Review
June 08, 2016

RSA Archer - A Straight Shot Review

James Byroads | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with RSA Archer

As an Archer consultant, I work with many different types of organizations who are deploying Archer for the first time, or are looking to build upon its capabilities. I have seen instances where it is leveraged both organization wide, or just for a particular department. Archer excels at introducing efficiency to any type of business process, from managing enterprise risk, to tracking non-IT incidents, to implementing a robust vulnerability management program.
  • Introduces efficiency in business processes to reduce cost.
  • Automation which reduces time and errors.
  • An incredible amount customization capability for the platform.
  • Archer is not great at getting data and/or reports back out. There are different options and sometimes they meet the requirements, but often times they come up short.
  • Documentation for administrators could be more in depth.
  • Archer certainly provides ROI by introducing efficiency in processes, reducing time for tasks, and reducing errors.
  • Archer workflow, notifications, and reporting provide a method of highlighting important information and notifying users when it is their time to take action.
  • I have seen individuals, especially in an environment working with Policy Management, Compliance Management, C&A, etc., where they spend so much time collecting data and drafting documentation that they are not actually able to contribute to the improvement of the organization. With Archer, those pain points can be alleviated, and those individuals can get back to work and make real changes.
It has been roughly 5 years since I have seen Securevue, so a lot can change, but to me it felt like several products were purchased and an attempt was made to piece them all together into a single solution (and I believe that may have been true). It also required agents on endpoints which did not fit the model I believed customers were looking for. MetricStream appeared to be difficult to install as it took their own engineers some time to get it installed in my lab environment. I did not think their web interface was as intuitive as RSA Archer. Customization to the platform was possible to some degree, but required a lot more work and technical skills than required by Archer. I did like the landing page for MetricStream which called out the important action items for the current user, but Archer v6.X now has this feature.
Archer is better suited for an environment that has at least some maturity in its program, whatever that program may be. If an organization does not know stakeholders involved, or the workflow for its own process, or has the technology in place to perform vulnerability scans, then Archer will probably not be much help. If an organization knows these items, but it's all paper based or in Excel spreadsheets, or they are struggling to report on them, or notify an individual when it is their time to take action in a process, then Archer can be a tremendous help.

Archer Feature Ratings

Common repository of GRC items
Risk management
Integration with Corporate Performance Management (CPM) systems
GRC policy management
Incident management