Allgress : Manages Transition from Traditional IT Security to Risk Management

While running his previous security services company, Jeff Bennett, Co-Founder and COO of Allgress, realized that the hardcore technical security professionals in organizations often find it difficult to communicate the risk posture of the company to business leaders. “This observation acted as the catalyst for starting Allgress, to build a platform that would enable security professionals to quickly communicate the risk and compliance posture to senior management so that threats to business priorities were clearly understood. This would compel business leadership to allocate the resources and budget to manage risks more effectively to avoid business impact,” says Bennett.

The Allgress Insight Risk Management solution converges disparate risk silos across global enterprise networks and helps security and risk professionals to gain an immediate, intuitive and unified view of the organizations’ information security and compliance risk posture in both technical and non-technical terms. Powered by the patented Allgress Business Risk Intelligence engine, each product module generates actionable data which is automatically translated into the language of business through highly visual and intuitive heat maps and compliance reports. The modules can be deployed separately or as an integrated solution to provide insight into specific areas of concern or a comprehensive view of risk, security and regulatory compliance across the organization’s global network.
With more than two decades of IT security and compliance industry experience, Bennett understands that customers require automation, customization and time-to-value in order to see a solution as a valuable tool for achieving their goals. The Allgress Intelligence engine aggregates data from different sources like assessments, vulnerability scanners, and policies then converts them into meaningful reports so that senior leadership, information security and auditors can prioritize their risk management with a minimal about of human resource intervention.

Allgress customizes its solutions to align security with industry specific priorities. Organizations are unique in nature and complexity, but many are unified by a common thread—they need to get a solution in place and get it up and running within days or weeks regardless of the risk requirement. Requiring an army of consultants to derive value out of a solution is neither time nor cost-effective so Allgress caters to the immediate needs of clients by enabling a snapshot of the risk posture within the shortest possible period, then continuous updates over time.

For instance, a large banking group, had multiple vulnerability scanning solutions spread over many countries. However, there was no cost effective way to report, manage, and mitigate these disparate scanners. The executive management at headquarters had no visibility into the organization’s vulnerability and risk posture. Allgress allowed the consolidation of individual country vulnerability data.
Risk reports are now generated on country and business unit levels enabling executive management to have a rollup view of all countries with the ability to drill down to an asset level if needed. The bank is now allocating appropriate resources to reduce risk because they have a clearer understanding of where the risks are and how it could impact its business worldwide.

In the coming months, the company will continue their focus on continuous monitoring and automation of the risk management process and, more importantly, in minimizing solution customization. “Every customer has unique risk management needs and so the solutions they deploy really have to achieve time-to-value without requiring an army of consultants. This has been our focus and in the coming months we are going to deliver an innovative approach to rapid customization. Our uniqueness lies in our ability to adapt to customer environments very quickly, which enables them to respond immediately to changes,” exclaims Bennett.


Helps enterprise security and risk professionals solve the problem of how to assess, understand and manage corporate risk