Wednesday, April 23, 2008

More Continuous Auditing Software - Or is it?

As many who have met us know, Kim Jones and I keep various Google Alerts set for key phrases that relate to continuous auditing (CA) and continuous monitoring (CM). As is the case in most weeks, this week's alert had many more citations for CM than CA. But the CA alert did have a number of new and noteworthy items for us.

One of this week's most interesting CA alerts was from an Atlanta-based software firm called Gideon Technologies and their SecureFusion suite. The suite should be of interest for configuration controls auditing and monitoring in the IT General Controls stack, but not for monitoring of financial transactions, as we focus on at Visual Risk IQ. Nevertheless, the alert reinforces how the analysts in the GRC space struggle when describing the capabilities and points of distinction among software firms known for CA, CM, and/or GRC. SecureFusion capabilities include IT asset detection, configuration management, and vulnerability assessment, and therefore have little if anything in common with CA and CM transaction monitoring tools like Oversight, Apex, or ACL.

Kim and I know Ken from our PwC days, and we recently saw him speak at a March meeting in Atlanta, where they introduced Gideon's SecureFusion solution to a number of information security professionals. He was quick to agree that there are a number of technology solutions that share similar names and even named features, but that they do not in fact compete in any meaningful way. Over time, hopefully the market(s) will begin to distinguish this as well.
