Symantec control compliance suite

Symantec Control Compliance Suite 10.5February 3, 2011

80% of Organizations Lack Visibility into IT RisksQuestion: What Color is Your Information Risk Today? For 1-in-10, it takes For 2-in-10, it takes more than one day -to- one week to nine months to find find the answer the answer For 1-in-10, it takes between one For 6-in-10, it takes between week and three months three and nine months to to find the answer find the answer Source: IT Policy Compliance Group, 2011 N: 1,202Symantec Control Compliance Suite 10.5 2

Why are so Many Organizations Flying Blind? Inadequate Controls Lack a Holistic View of Inability to Prioritize Assessments Risk and Report on Risk • Fail to standardize on • Diverse IT environments • Unable to identify controls frameworks • Decentralized data highest priority IT risks • Manual controls collection • Reports lack actionable mapping • Rationalizing data from data to drive resolution • Keeping up with multiple sources • Unable to report on key regulatory changes risks per stakeholderSymantec Control Compliance Suite 10.5 3

Symantec Control Compliance Suite TECHNICAL CONTROLS • Symantec™ Control Compliance Suite Standards Manager • Symantec™ Control Compliance Suite Vulnerability Manager REPORT REMEDIATE POLICY PROCEDURAL CONTROLS • Symantec™ Control • Symantec™• Symantec™ Control • Symantec™ Control Compliance Suite ServiceDesk 7.0 Compliance Suite Compliance Suite EVIDENCE (Infrastructure) Policy Manager Response Assessment Manager ASSETS CONTROLS DATA CONTROLS • Symantec™ Data Loss Prevention Discover 3RD PARTY EVIDENCE • Symantec™ Control Compliance Suite (Infrastructure) Symantec Control Compliance Suite 10.5 4

Control Compliance Suite 10.5 – What’s New? Improved Risk Management Capabilities • SCAP support provides shared view of IT risks • New workflow integration helps manage people risks More Holistic View of IT Risk • Out-of-box dashboard connectors expand risk views More Comprehensive Controls Assessments • Support for PCI 2.0 and SCAP benchmarks • FDCC support for better desktop controls • OWASP support for better Web application controlsSymantec Control Compliance Suite 10.5 5

SCAP Support Provides Shared View of IT Risks• Security Content Automation Protocol• Developed by National Institute of Standards and Technology (NIST)• Better visibility into IT infrastructure • Standard way to write security checks • Eliminates need to rationalize data from multiple sources • Easily downloadable file updates – scan based on latest standards• Common framework provides a shared view of IT risks for better prioritization and faster remediationSymantec Control Compliance Suite 10.5 6

Manage People Risk With Workflow Integration• New workflow integration with Symantec Data Loss Prevention• Target security awareness training at individuals in violation of data protection policy• New questionnaire summary pages – Overview of key security awareness risks – Drill down into more detail for remediation effortsSymantec Control Compliance Suite 10.5 7

Control Compliance Suite 10.5 – What’s New Improved Risk Management Capabilities • SCAP support provides shared view of IT risks • New workflow integration helps manage people risk More Holistic View of Risk • Out-of-box dashboard connectors expand risk views More Comprehensive Controls Assessments • Support for PCI 2.0 and SCAP benchmarks • FDCC support for better desktop controls • OWASP support for better Web application controlsSymantec Control Compliance Suite 10.5 8

Out-of-Box Dashboard Connectors Expand Risk Views• Automatically collect data from CCS Response Assessment Manager• Populate pre-defined dashboard panels• Side by side view of risks for greater insights – e.g. – Data policy violations – Results of employee security awareness – Compliance posture of critical servers• Future releases to bring in data on – Critical vulnerabilities – Latest security threats – Real-time file integrity monitoringSymantec Control Compliance Suite 10.5 9

Control Compliance Suite 10.5 – What’s New Improved Risk Management Capabilities • SCAP support provides shared view of IT risks • New workflow integration helps manage people risk More Holistic View of Risk • Out-of-the-box dashboard connectors expand risk views More Comprehensive Controls Assessments • Support for PCI 2.0 and SCAP benchmarks • FDCC support for better desktop controls • OWASP support for better Web application controlsSymantec Control Compliance Suite 10.5 10

CCS 10.5FDCC Support for Better Desktop Controls• 85% of total reported security breaches can be traced to end user actions*• Built-in support for Federal Desktop Core Configuration (FDCC)• Common industry standard for US Federal government• Protects desktops against harmful configuration changes and vulnerabilities• Simplifies desktop security • Easily import monthly updates • Report on results in FDCC format *Michael Bednarczyk, Information Week AnalyticsSymantec Control Compliance Suite 10.5 11

OWASP Support for Better Web Application Controls • In 2009 there were 5,500+ unique vulnerabilities in Web applications alone* • Built-in support for Open Web Application Security Protocol • Technical standards for securing Web applications • Focuses on top 10 vulnerabilities • Automatically identify and remediate risks before they are exploited • Adopted by PCI Security Standards Council *Symantec Global Internet Security Threat ReportSymantec Control Compliance Suite 10.5 12

Thank you! Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.Symantec Control Compliance Suite 10.5 13

http://itindustrytrends.com	17
http://www.symantec.com	8
http://stage-community.symantec.com	4
http://shs	1
http://bsmith-community.symantec.com	1

Symantec control compliance suite

by Symantec on Feb 02, 2011

Accessibility

Categories

Upload Details

Usage Rights

5 Embeds 31

Statistics

Symantec control compliance suite Presentation Transcript