Symantec Control Compliance Suite 10.0 is a holistic, fully-automated solution to manage all aspects of IT risk and compliance. It is expected to provide even greater visibility into an organization’s security and compliance posture while still lowering compliance cost and complexity.
Symantec Control Compliance Suite 11, February 2012 (Symantec)
Symantec Control Compliance Suite 11 is the latest version of its enterprise-class IT governance, risk and compliance (GRC) solution. It will feature the new Control Compliance Suite Risk Manager module which enables security leaders to better understand and communicate risks to the business environment from their IT infrastructure. Risk Manager translates technical issues into risks relevant to business processes, delivers customized views of IT risk for different stakeholders, and helps prioritize remediation efforts based on business criticality rather than technical severity.
Symantec Brightmail Gateway 9.0 and Symantec Brightmail Gateway 9.0 Small Business Edition deliver enhanced protection through real-time updates, provide greater control through integrated email encryption and offer increased scalability to meet the needs of both enterprises and small businesses.
Symantec will unify information security management across endpoints, gateways and servers, and deliver targeted protection for the Enterprise with the release of new Symantec Protection Suites.
For an organization to function efficiently, it is important to have security controls that protect the confidentiality, integrity and availability of information and systems. Compliance is the process of ensuring all systems in an organization meet a set of predefined specific rules.
In this article we will address the need for compliance automation and how SecPod’s Saner provides enterprises the ability to automate compliance while minimizing time spent on non-compliant state.
ControlCase covers the following:
- What is CMMC?
- Who does CMMC apply to?
- What is the accreditation body (CMMC-AB)?
- What is a CMMC Third Party Organization (C3PAO)?
- What does CMMC mean for Cybersecurity?
- What are the CMMC certification levels?
- How often is CMMC needed?
- CMMC and NIST
- What is the CMMC Assessment process?
TrustedAgent GRC streamlines the complexity of obtaining security authorization from FedRAMP for cloud IaaS, PaaS, and SaaS services and applications. From tracking evidence and key control implementation to creating key deliverables like security plans and managing continuous monitoring for ongoing compliance, TrustedAgent significantly reduces the amount of work to be done manually, including managing vulnerabilities from ongoing compliance. Download and contact us to learn more about how TrustedAgent GRC can create opportunities for your cloud offerings in the Federal Government.
In this video, you will learn:
1. How to specify the scope of Federal Contract Information (FCI) Assets in your CMMC 2.0 Level 1 Self-Assessment.
2. What is the scope of CMMC 2.0 Level 2 Assessment?
3. How to map and categorize organizational assets?
4. What are the ways to reduce the scope of your assessment?
Learn more from the video: https://youtu.be/Tp3rya6EZCA
BMC - Response to the SolarWinds Breach/Malware (Mike Rizzo)
BMC response to the SolarWinds Breach
Critical compromise to the SolarWinds Orion platform has created an immediate need to respond to the threat from a likely state-sponsored actor (Russia).
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr... (Symantec)
Symantec Endpoint Protection 12, optimized for virtual environments, offers organizations the vital protection needed to effectively safeguard information from attackers. Symantec Protection Center 2.0 draws upon correlated visibility from multiple security products to provide relevant actionable intelligence that reduces risks to business.
Federal Agencies & Cloud Service Providers meeting FISMA requirements via FedRAMP
This presentation covers Federal Risk Authorization Management Program with FISMA, SCAP and Federal Data Center Consolidation Initiative to clarify how US government agencies that purchase cloud services need to meet Federal Information Security Management Act (FISMA) requirements.
January 2013 - The FedRAMP Joint Authorization Board has granted its first provisional authorization to Autonomic Resources, who used Veris Group as their FedRAMP accredited 3PAO.
Presentation from AWS Worldwide Public Sector team's conference Building and Securing Applications in the Cloud (http://aws.amazon.com/campaigns/building-securing-applications-cloud/).
Review of System Center and Forefront products, news. Operation Manager, Virtual Machine Manager, Service Manager, Essentials, Forefront Endpoint Protection, management in the cloud with Windows Intune. Suite licensing.
7 Mistakes of IT Security Compliance - and Steps to Avoid Them (Sasha Nunke)
This presentation describes seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.
Presentation from the 5th itSMF SEE Regional Event, titled KEY ITSM DRIVERS FOR BUSINESS SUCCESS. The conference covered more than 30 inspiring and thought-provoking sessions, and as such it was the biggest and best-ever IT Service Management programme of seminars, panel discussions and keynotes in South East Europe. (http://www.itsmf.org.rs/drupal/content/itsmf-see-2011-programme)
Online version of the presentation - http://prezi.com/lstdrvohprmp/belgrad-prezentacija/
In practice it often proves difficult to determine which risks an organization runs and what an appropriate security level for them is. This knowledge is nevertheless necessary in order to take the right measures and invest effectively in information security. On 12 December 2012 Pinewood, in cooperation with McAfee, organized a seminar that addressed this. Handy tools such as Risk Management and McAfee Nitro (McAfee's SIEM product) and Pinewood's pragmatic approach offer concrete guidance and insight for arriving at an effective information security policy.
Juniper Networks introduced its SDN strategy during its 2013 Global Partner Conference. Executive Vice President of the Software Solutions Division, Bob Muglia, introduced the company's vision, strategy and licensing model for the SDN transition.
Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability to meet the compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI, etc.). This will include operational reporting through the use of AWS services (e.g. Config/Config Rules, CloudTrail, Inspector, etc.) as well as partner integration capabilities with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways from this session include: learning AWS Security best practices and automation capabilities for securing your environment, Automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector, etc., and ISV integration for real-time notification and reporting for security, compliance, and auditing in the cloud.
Symantec Enterprise Security Products are now part of Broadcom (Symantec)
Symantec Enterprise Security Products are now part of Broadcom. The consumer division of Symantec Corp. is now NortonLifeLock Inc. -- a standalone company dedicated to consumer cyber safety.
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur... (Symantec)
Youth in foster care face unique risks to their identity. In this webinar we discuss the risks, as well as tips for better protection. Watch on demand here: https://symc.ly/2N8cELV.
Symantec Webinar | National Cyber Security Awareness Month: Protect IT (Symantec)
Learn how to protect your data during Symantec's National Cyber Security Awareness Month webinar with the Identity Theft Resource Center and Infolock. Watch on demand here: https://symc.ly/2VMMWQX.
Symantec Webinar | National Cyber Security Awareness Month: Secure IT (Symantec)
Symantec, TechSoup and the Michigan Small Business Development Center share how to apply added layers of security to your devices and online accounts. Watch on-demand recording here: https://symc.ly/33ifcxo.
Symantec Webinar | National Cyber Security Awareness Month - Own IT (Symantec)
View this webinar from Symantec and NCSAM partners, the National PTA, Connect Safety and the National Cyber Security Alliance, to learn how to protect the devices you use day to day.
Watch on demand here: https://symc.ly/2nLyXyB
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA) (Symantec)
On January 1, 2020, one of the strictest privacy laws in the US, the California Consumer Privacy Act (CCPA), will come into effect. What should governance, risk and compliance executives know in order to prepare for CCPA? Watch the on demand recording here: https://symc.ly/2Pn7tvW.
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK (Symantec)
Experts from Symantec and MITRE explore the latest research and best practices for detecting targeted ransomware in your environment.
Watch on-demand webinar here: https://symc.ly/2L7ESFI.
This webinar will explore the less-discussed topics of a mobile security strategy that everyone should understand – before it’s too late. Watch on-demand here: https://symc.ly/2z6hUsM.
Symantec Webinar | Tips for Successful CASB Projects (Symantec)
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
Symantec Webinar: What Cyber Threats Are Lurking in Your Network? (Symantec)
This webinar shares insight into how an Advanced Threat Assessment does root analysis to uncover unknown, unique threats happening in your environment. Watch here: https://symc.ly/2W52MoA
Learn if you’ve got the right security strategy, and investment plan, to protect your organization and ensure regulatory compliance with the General Data Protection Regulation (GDPR). Watch now here: https://symc.ly/2VMNHIm
2019 Symantec Internet Security Threat Report (ISTR): The New Threat Landscape presented by Kevin Haley, Director Product Management, Security Technology & Response, Symantec. Watch webinar recording here: https://symc.ly/2FJ9T18.
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat... (Symantec)
Gain valuable insight whether you’re well on your way to Zero Trust implementation or are just considering it. Watch the original webinar here https://www.symantec.com/about/webcasts?commid=347274.
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End... (Symantec)
First-hand insights on the newest cloud-delivered endpoint security solutions. Hear from Joakim Liallias, Symantec and special guest speakers Sundeep Vijeswarapu from PayPal and top industry analyst Fernando Montenegro, 451 Research. Listen here: https://symc.ly/2UY2TlS.
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear (Symantec)
Learn how Symantec Endpoint Protection & Response (EDR) and the MITRE ATT&CK framework can expose and thwart persistent adversaries like APT28 otherwise known as Fancy Bear. Watch Webinar here: https://symc.ly/2WyPD8I
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis's and my slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
When stars align: studies in data quality, knowledge graphs, and machine lear...
Control Compliance Suite 10
1. Introducing Symantec Control Compliance Suite 10.0
April 13, 2010
Symantec Control Compliance Suite 10.0 1
2. Agenda
1 Symantec Vision for IT GRC
2 Introducing Control Compliance Suite 10.0
3. A Holistic Approach to IT Governance, Risk Management, Compliance and Security
Policy Driven Governance, Risk Management & Compliance
Protect Infrastructure: ENDPOINT, NETWORK, MESSAGING, WEB, NETWORK ACCESS CONTROL
Protect Information: DISCOVERY, DATA LOSS PREVENTION, ENCRYPTION, DATA PROTECTION
Risk-Prioritized Remediation
Effective Systems Management: Discover, Inventory, Configure, Provision, Patch, Report
Workflow, CMDB
4. Enterprise Governance, Risk & Compliance – Key Concerns
Security Risks
• Increasing Sophistication of Threats
• Changing Infrastructure & Configurations
• Increasing Regulatory Mandates
Regulatory / Audit Compliance
• Frequency of Assessments
• Internal and External Audit
• Reporting to Multiple Constituencies
Security & Compliance Costs
• Overlapping matrix control objectives
• Manual assessment of controls
• Scale & Diversity of Environment
6. IT GRC is a Complex Problem that Spans the Enterprise…
TECHNICAL CONTROLS: Automatically identify deviations from technical standards. Identify critical vulnerabilities.
POLICY: Define and manage policies for multiple mandates with out-of-the-box policy content. Map policies to control statements.
PROCEDURAL CONTROLS: Replace paper-based surveys with web-based questionnaires to evaluate if policies were read and understood.
REPORT: Gather results in one central repository and deliver dynamic web-based dashboards and reports.
REMEDIATE: Remediate deficiencies based on risk with integration to popular ticketing systems.
DATA CONTROLS: Tight integration with DLP to prioritize assessment and remediation of assets based on value of data.
3rd PARTY DATA: Combine evidence from multiple sources and map to policies.
Diagram labels: EVIDENCE, ASSETS, CONTROLS
7. Symantec Control Compliance Suite 10.0
TECHNICAL CONTROLS: CCS Standards Manager, CCS Vulnerability Manager
POLICY: CCS Policy Manager
PROCEDURAL CONTROLS: CCS Response Assessment Manager
REPORT: CCS Infrastructure
REMEDIATE: Symantec Service Desk
DATA CONTROLS: DLP Discover
3rd PARTY EVIDENCE
EVIDENCE: CCS Infrastructure
Diagram labels: ASSETS, CONTROLS
8. Control Compliance Suite – A Holistic, Integrated Solution
Diagram labels: TECHNICAL CONTROLS, POLICY, PROCEDURAL CONTROLS, REPORT, REMEDIATE, DATA CONTROLS, 3rd PARTY EVIDENCE, EVIDENCE, ASSETS, CONTROLS
9. Symantec Control Compliance Suite 10.0 – New Features
• CCS Vulnerability Manager
• Web-Based Dynamic Dashboards
• Integration with Data Loss Prevention
• 3rd Party Evidence Automation
12. Control Compliance Suite Vulnerability Manager
• Broadest and most accurate network scanning
• Most accurate Web application and database scanning
• Correlates vulnerabilities across multiple IT tiers
• Categorize and prioritize vulnerability exposure
• Superior risk assessment
• Superior scalability and performance
13. Network and Operating Systems Coverage
• More than 54,000 checks across 14,000+ vulnerabilities
• High performance agent-less scanning
• Updated vulnerability checks within 24 hours of Microsoft Patch Tuesday
• Supports Red Hat Enterprise Linux
• Supports:
• Adobe Flash and Adobe Reader
• Cisco IOS
• Mozilla Firefox
• Solaris
• SunJVM
• Unix
14. Web Application and Database Scanning
• Vulnerability detection for AJAX and Web 2.0 applications
• Scans all forms of Web vulnerabilities including all flavors of SQL injection and cross-site scripting
• Vulnerability content for 5 most popular databases:
• MySQL
• Sybase
• Informix
• Oracle
• PostgreSQL
“58% of vulnerabilities affect Web applications”
“73% of vulnerabilities are easily exploitable”
Source: Symantec
“Database Servers represent 75% of all breached records”
Source: Verizon
15. Web-Based Dynamic Dashboards
• Easy sharing of information
• Web delivery
• Print and export dashboards
• Enhanced analytics
• Drill down into panel data
• Multiple panels in a single view
• Page crosslink views for additional information
16. Web-Based Dynamic Dashboards
• More customizable and flexible
• User definable panels are visualizations of KPIs
• Customizable dashboards contain multiple panels
• Variable panel sizing
• Maximize a panel
• Layout, filters persisted
17. Integration with Symantec Data Loss Prevention
• DLP Discovery identifies assets for compliance assessment
• Create an asset group by tagging assets with most sensitive information
• Prioritize these assets for technical control evaluations and elevate hardening measures
• Show data leakage information side-by-side with CCS data
18. Content-Aware Technical Controls
Discovery
New in v10
1 Scan and Retrieve Data (Servers with HIPAA data)
2 Crack Content and Record Incidents
3 Send incident and asset info
4 Scans assets to assess server hardening and compliance
5 Monitor assets for correlated events (SSIM)
19. Integrated Compliance Reporting
1 Send incident and asset info
2 Map incidents to regulations & policies
3 Measure and report on compliance to regulatory requirements
4 Consolidate info on both DLP policy violations and compliance data in dashboard views
20. External Evidence System
• Add, edit, delete external evidence providers
• Define controls based on external evidence
• Third party evidence available in content studio (Identified by Source)
• Enables mapping to control statements