Actu
Symantec Corp. introduced the next version of Symantec Control Compliance Suite
February 2011 by Marc Jacob
Symantec Corp. introduced the next version of Symantec Control Compliance Suite, the company’s integrated, fully automated solution designed to address IT risk and compliance challenges. Symantec Control Compliance Suite 10.5 delivers new features to help organizations better manage IT risk while achieving a more holistic view of risk across their IT infrastructure. This release also continues to provide support for the latest regulatory and security standards and further expands upon integrated native assessment capabilities.
The IT Policy Compliance Group recently reported that a startling eight in ten organizations have poor visibility into their IT risk, taking three to nine months or longer to classify their IT risk levels. Inability to prioritize risks, lack of a comprehensive risk view and inadequate controls assessments all contribute to this problem. Symantec Control Compliance Suite is designed to address these challenges by driving better overall visibility and control of IT risks.
Improved Risk Management Capabilities
“Organizations with the best insight into IT risks have the ability to sort through thousands of IT issues on a daily basis and prioritize remediation efforts to focus on protecting their most critical assets and data first,” notes Jim Hurley, managing director of the IT Policy Compliance Group. The new version of Control Compliance Suite expands upon Symantec’s prioritized approach to managing IT risks with built-in support for the new Security Content Automation Protocol (SCAP) benchmarks and deeper integration with
Symantec Data Loss Prevention.
Symantec Control Compliance Suite 10.5 Provides More Timely Insight into IT Risks
Developed by the National Institute of Standards and Technology (NIST), SCAP provides organizations with a standardized approach to writing security checks and reporting on configuration and vulnerability information across multiple vendors’ solutions. This common framework facilitates a shared view of IT risks allowing organizations to more quickly prioritize and remediate the most important issues found.
Building upon the existing integration with Symantec Data Loss Prevention, this release of Control Compliance Suite provides additional capabilities to help organizations better manage the risk to their most critical data. Through new workflow integration with Symantec Data Loss Prevention, Control Compliance Suite allows organizations to automatically target security awareness training at individuals who have violated data protection policies. Summary pages from these questionnaires deliver an overview of where key security awareness risks are, and have the ability to drill down into more detail to assist in remediation efforts.
A More Holistic View of IT Risk
Organizations with a truly holistic view of their IT risks routinely gather and report on data from multiple sources, per the IT Policy Compliance Group. Symantec Control Compliance Suite continues to deliver a more comprehensive view of IT risks by simplifying the process of consolidating data from disparate systems across the enterprise and communicating results in powerful, web-based dashboards.
Previous releases provided the ability to integrate data from Symantec Data Loss Prevention as well as third party applications such as firewalls, event management systems and vulnerability management solutions. This data is then brought into pre-defined dashboard panels to provide a more holistic view of IT risks for better decision making. The newest version of Symantec Control Compliance Suite expands upon this capability with new out-of-the-box connectors to automatically collect security awareness survey results from the Symantec Control Compliance Suite Response Assessment Manager. For example, a business unit manager can now view a Symantec Data Loss Prevention policy violation alongside results of who passed security awareness training and information on the compliance posture of servers hosting his most critical data.
To further expand an organization’s view of IT risk, future releases of Control Compliance Suite are planned to bring in data from other Symantec solutions, including data on critical vulnerabilities, the latest security threats and real-time file integrity monitoring.
New Built-in Content for Comprehensive Controls Assessments
According to the IT Policy Compliance Group, organizations with the best visibility into their IT risk levels start by putting in place the correct IT controls. A key differentiator for Symantec Control Compliance Suite has been its built-in content covering multiple IT control frameworks and regulations, coupled with automatic updates to help ensure controls assessments are always based on the very latest standards. Symantec Control Compliance Suite expands upon this capability with support for PCI 2.0 and the new SCAP benchmarks.
Symantec Control Compliance Suite 10.5 Provides More Timely Insight into IT Risks
While currently the defacto standard for ensuring infrastructure security for US government agencies, SCAP is increasingly being adopted in forward-thinking commercial enterprises.
This latest release also broadens technical control assessment capabilities to include Federal Desktop Core Configuration Standard (FDCC) support for desktops and Open Web Application Security Project (OWASP) support for Web applications. FDCC helps protect desktops against harmful configuration changes and vulnerabilities while OWASP delivers a technical security standard for web applications by focusing on the top 10 most common vulnerabilities.
