Wondering if anyone has compared the two tools for evaluating users with specific authorizations.
Solman Configuration validation allows for the creation of a configuration store where you can maintain specific authorization combinations that are determined high risk or something that you would like to monitor. You create this as a baseline and monitor your target systems to evaluate if any users are in violation of any authorization combos. A report can then be scheduled to run with results saved. Alerts can probably be configured or monitored via a dashboard.
Within GRC you can build the same authorization combinations as part of a ruleset and schedule the evaluation. Results can be reviewed and actions can be taken.
Is there a benefit or need to use both? Can anyone think of the advantages or disadvantages of either tool?