Rsam Security Incident Response Platform Review

Customization and transparency of data, while maintaining a mostly user-friendly UI


What is our primary use case?

The Rsam solution that we have implemented at my employer is used in many ways. Due to the nature of information security, however, I’m not able to divulge details without violating key elements of the concept of what we’re trying to achieve.

With that said, Rsam excels at ingestion of data from many different sources with dissimilar data formats and can mash them together to achieve uniformity, relevance and, with that, awareness. 

How has it helped my organization?

Sadly, I can’t provide specific examples due to the nature of the content of the improvements. I will say that, prior to implementation, and post-implementation, we saw a nearly 800% increase in volume of completed and correctly completed documentation in regards to specific tasks being completed. Rsam puts the workflow first, and lets the record follow it. It literally puts a task on rails and the person needing to do the work only need respond to the prompts accordingly and let Rsam automate the rest. The data is cleaner, more uniform, and there’s simply more of it created more quickly, as a result.

What is most valuable?

The customization and the transparency of data, while still maintaining a mostly user-friendly UI. It allows for me, as an engineer, to evolve the individual components and modules, and to create a much more meaningful picture than the individual pieces in isolation ever could.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Hands down, if Rsam adopted a more industry proper "End of life – Deprecated – Stable – Release – Experimental" system with their releases, and all the proper checks and balances, I’d be an incredibly happy individual. I can appreciate the cause and effect, wherein the customization of the tool drives rapid release schedules, and the paradox that creates with the idea of stable releases.

I’d also like more transparency about known bugs and issues.

What other advice do I have?

The wonderful thing about Rsam is that it is incredibly adaptive; it can change with the flow of new trends in InfoSec without missing a beat. It allows engineers, users, and management types to adjust to new threats while maintaining continuity, and demonstrating effectiveness of their teams and providing metrics that continue to warrant their existence as a business unit.

The scope of your question, in regards to SIRP, suggests that Rsam exists in a bubble, unaware of the other tools and aspects of InfoSec, but in truth, it really does shine when the synergy between those other pieces all comes into alignment and you have a truly detailed but zoomable view of what is actually happening with your assets.

I rate it solidly at nine out of 10. There are things that could be better about it but that is to be expected. A tool that is highly customizable is also susceptible to odd combinations that the vendor may not be able to plan for. The vendor does, however, rapidly respond to those outliers and works diligently to resolve.

Disclosure: I am a real user, and this review is based on my own experience and opinions.