From a security perspective, the most interesting thing is the number of classifiers the product has right out of the box. When I first started with the product, it had 88 and now it has 133. So you know that CA has been working to add more classifiers by talking to their user community. That's very impressive from an end-user standpoint. It shows me what have they been doing since the product first was unveiled last year.
Improvements to My Organization:
It improves our understanding of where data is as opposed to having data, but not understanding the relationship of the data to things like PHI and PII and PCI information. These are now becoming more and more critical in organizations. When you have 1000-plus level indexes within a mainframe space, it becomes very difficult to understand the relationship between the data and what it belongs to. It allows us to get more clarity.
Room for Improvement:
I'm on the sprint team so it means that I'm constantly talking with the developers. The product comes with 133 classifiers as I stated, but I have about 168. I've added classifiers that were important to me that the product didn't have. Those are getting added in future releases of the product because, unlike other vendors, this development team listens. If I'm doing something other security practitioners would likely be doing it too.
Initially, on first release it had some problems. Scans that we would set up to wouldn't run, but those problems were resolved quickly by the development team. Since then, I haven't run into any situations where the scans don't work as published. More importantly, it allows us to write our own types of scans against our own classifiers. That's unique in the industry.
Because it runs in specialty engines and z/OS, it gives us a lot of flexibility regarding who we can distribute the product to.
We use technical support often. I know most of the development team, as well as the development teams of the other products that I use. I don't think it's a habit that people get into and they should get involved with their vendors more. A vendor can't make up these things. They can't fix problems or add new wealth to the product if you don't talk to them. I encourage all security practitioners out there to work with their vendor to get more features added to their product that concern them and their organization.
This solution is brand new. There's nothing like it on the market. Because of that reason and because it's in it its infant stage, it has a lot of bite to it. When you can take any product that allows you to execute 133 different features right out of the box without doing a thing, that's impressive.
I was involved in the initial setup and it all happened within a day. It's fast and clean. We were scanning by the end of the day.
I look for the stability of the vendor, flexibility, and Agile development. I like a vendor that listen to his customers and delivers what he says he's going to deliver.
This is a product that doesn't intrude in your system. It runs in a specialty engine. Try it. If you don't like it, I'd be surprised.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.