Control Compliance Suite 10
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Control Compliance Suite 10

on

  • 5,469 views

Symantec Control Compliance Suite 10.0 is a holistic, fully-automated solution to manage all aspects of IT risk and compliance. It is expected to provide even greater visibility into an ...

Symantec Control Compliance Suite 10.0 is a holistic, fully-automated solution to manage all aspects of IT risk and compliance. It is expected to provide even greater visibility into an organization’s security and compliance posture while still lowering compliance cost and complexity.

Statistics

Views

Total Views
5,469
Views on SlideShare
5,383
Embed Views
86

Actions

Likes
0
Downloads
181
Comments
0

3 Embeds 86

http://www.slideshare.net 41
http://www.techgig.com 41
http://115.112.206.131 4

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Control Compliance Suite 10 Presentation Transcript

  • 1. Introducing Symantec Control Compliance Suite 10.0 April 13, 2010 Symantec Control Compliance Suite 10.0 1
  • 2. Agenda 1 Symantec Vision for IT GRC 2 Introducing Control Compliance Suite 10.0 Symantec Control Compliance Suite 10.0 2
  • 3. A Holistic Approach to IT Governance, Risk Management, Compliance and Security Policy Driven Governance, Risk Management & Compliance Protect Infrastructure Protect Information ENDPOINT DISCOVERY NETWORK DATA LOSS PREVENTION MESSAGING ENCRYPTION WEB NETWORK ACCESS CONTROL DATA PROTECTION Risk-Prioritized Remediation Effective Systems Management Discover Inventory Configure Provision Patch Report Workflow CMDB Symantec Control Compliance Suite 10.0 3
  • 4. Enterprise Governance, Risk & Compliance – Key Concerns Security Risks Regulatory / Audit Compliance • Increasing Sophistication of Threats • Frequency of Assessments • Changing Infrastructure & Configurations • Internal and External Audit • Increasing Regulatory Mandates • Reporting to Multiple Constituencies Security & Compliance Costs • Overlapping matrix control objectives • Manual assessment of controls • Scale & Diversity of Environment Symantec Control Compliance Suite 10.0 4
  • 5. Introducing Control Compliance Suite 10.0 Symantec Control Compliance Suite 10.0 5
  • 6. IT GRC is a Complex Problem that Spans the Enterprise… TECHNICAL CONTROLS Automatically identify deviations from technical standards Identify critical vulnerabilities POLICY PROCEDURAL CONTROLS REPORT REMEDIATE Define and manage Gather results in one Replace paper-based central repository Remediate deficiencies policies for multiple surveys with web-based and deliver based on risk with mandates with out-of- questionnaires to dynamic web-based integration to popular the-box policy content. evaluate if polices were dashboards and ticketing systems Map policies to control statements. read and understood reports DATA CONTROLS Tight integration with 3rd PARTY DATA DLP to prioritize assessment and Combine remediation of assets evidence from based on value of data EVIDENCE multiple sources and map to policies ASSETS CONTROLS Symantec Control Compliance Suite 10.0 6
  • 7. Symantec Control Compliance Suite 10.0 TECHNICAL CONTROLS CCS Standards Manager CCS Vulnerability Manager POLICY PROCEDURAL CONTROLS REPORT REMEDIATE CCS Policy CCS Response CCS Symantec Manager Assessment Infrastructure Service Desk Manager DATA CONTROLS 3rd PARTY EVIDENCE DLP Discover EVIDENCE CCS Infrastructure ASSETS CONTROLS Symantec Control Compliance Suite 10.0 7
  • 8. Control Compliance Suit– A Holistic, Integrated Solution TECHNICAL CONTROLS POLICY PROCEDURAL CONTROLS REPORT REMEDIATE DATA CONTROLS 3rd PARTY EVIDENCE EVIDENCE ASSETS CONTROLS Symantec Control Compliance Suite 10.0 8
  • 9. Symantec Control Compliance Suite 10.0 – New Features CCS Vulnerability Manager Web-Based Dynamic Dashboards Integration with Data Loss Prevention 3rd Party Evidence Automation Symantec Control Compliance Suite 10.0 9
  • 10. Thank you! Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Symantec Control Compliance Suite 10.0 10
  • 11. Appendix Symantec Control Compliance Suite 10.0 11
  • 12. Control Compliance Suite Vulnerability Manager • Broadest and most accurate network scanning • Most accurate Web application and database scanning • Correlates vulnerabilities across multiple IT tiers • Categorize and prioritize vulnerability exposure • Superior risk assessment • Superior scalability and performance Symantec Control Compliance Suite 10.0 12
  • 13. Network and Operating Systems Coverage • More than 54,000 checks across 14,000+ vulnerabilities • High performance agent-less scanning • Updated vulnerability checks within 24 hours of Microsoft Patch Tuesday • Supports Red Hat Enterprise Linux • Supports: • Adobe Flash and Adobe Reader • Cisco IOS • Mozilla Firefox • Solaris • SunJVM • Unix Symantec Control Compliance Suite 10.0 13
  • 14. Web Application and Database Scanning • Vulnerability detection for AJAX and Web 2.0 applications “58% of vulnerabilities affect • Scans all forms of Web vulnerabilities Web applications” including all flavors of SQL injection “73% of vulnerabilities are and cross-site scripting easily exploitable” • Vulnerability content for 5 most Source: Symantec popular databases: • MySQL • Sybase • Informix “Database Servers represent • Oracle 75% of all breached records” • PostgreSQL Source: Verizon Symantec Control Compliance Suite 10.0 14
  • 15. Web-Based Dynamic Dashboards • Easy sharing of information • Web delivery • Print and export dashboards • Enhanced analytics • Drill down into panel data • Multiple panels in a single view • Page crosslink views for additional information Symantec Control Compliance Suite 10.0 15
  • 16. Web-Based Dynamic Dashboards • More customizable and flexible • User definable panels are visualizations of KPIs • Customizable dashboards contain multiple panels • Variable panel sizing • Maximize a panel • Layout, filters persisted Symantec Control Compliance Suite 10.0 16
  • 17. Integration with Symantec Data Loss Prevention • DLP Discovery identifies assets for compliance assessment • Create an asset group by tagging assets with most sensitive information • Prioritize these assets for technical control evaluations and elevate hardening measures • Show data leakage information side-by-side with CCS data Symantec Control Compliance Suite 10.0 17
  • 18. Content-Aware Technical Controls Discovery 3 Send incident and asset info New in v10 4 Scans assets to assess 2 server hardening and Crack Content and compliance Record Incidents Monitor assets for 5 correlated events SSIM 1 Scan and Retrieve Data Servers with HIPAA data Symantec Control Compliance Suite 10.0 18
  • 19. Integrated Compliance Reporting 1 Send incident and asset info 2 Map incidents to regulations & policies 4 Consolidate info on both DLP policy violations and compliance data in 3 Measure and report on dashboard views compliance to regulatory requirements Symantec Control Compliance Suite 10.0 19
  • 20. External Evidence System • Add, edit, delete external evidence providers • Define controls based on external evidence • Third party evidence available in content studio (Identified by Source) • Enables mapping to control statements Symantec Control Compliance Suite 10.0 20