Symantec today introduced the next version of its Symantec Control Compliance Suite, the company’s solution designed to address IT risk and compliance challenges.
New features in Symantec Control Compliance Suite 10.5 help organizations better manage IT risk while achieving a more holistic view of risk across their IT infrastructure. The latest release also continues to provide support for the latest regulatory and security standards and further expands upon integrated native assessment capabilities.
A surprisingly high, 80 percent of organizations have poor visibility into their IT risk, taking three to nine months or longer to classify their IT risk levels, according to a recent report from The IT Policy Compliance Group.
“Organizations with the best insight into IT risks have the ability to sort through thousands of IT issues on a daily basis and prioritize remediation efforts to focus on protecting their most critical assets and data first,” notes Jim Hurley, managing director of the IT Policy Compliance Group.
The latest version of Control Compliance Suite expands upon Symantec’s prioritized approach to managing IT risks with built-in support for the new Security Content Automation Protocol (SCAP) benchmarks and deeper integration with Symantec Data Loss Prevention. SCAP (Developed by the National Institute of Standards and Technology), provides organizations with a standardized approach to writing security checks and reporting on configuration and vulnerability information across multiple vendors’ solutions. This common framework facilitates a shared view of IT risks allowing organizations to more quickly prioritize and remediate the most important issues found.
New workflow integration with Symantec Data Loss Prevention allows organizations to automatically target security awareness training at individuals who have violated data protection policies. Summary pages from these questionnaires deliver an overview of where key security awareness risks are, and have the ability to drill down into more detail to assist in remediation efforts.
Previous releases provided the ability to integrate data from Symantec Data Loss Prevention as well as third party applications such as firewalls, event management systems and vulnerability management solutions. The newest version of Symantec Control Compliance Suite expands upon this capability with new out-of-the-box connectors to automatically collect security awareness survey results from the Symantec Control Compliance Suite Response Assessment Manager. For example, a business unit manager can now view a Symantec Data Loss Prevention policy violation alongside results of who passed security awareness training and information on the compliance posture of servers hosting his most critical data.
Symantec Control Compliance Suite has built-in content covering multiple IT control frameworks and regulations, coupled with automatic updates to help ensure controls assessments are based on the latest standards, including support for PCI 2.0 and the new SCAP benchmarks.
This latest release also broadens technical control assessment capabilities to include Federal Desktop Core Configuration Standard (FDCC) support for desktops and Open Web Application Security Project (OWASP) support for Web applications. FDCC helps protect desktops against harmful configuration changes and vulnerabilities while OWASP delivers a technical security standard for web applications by focusing on the top 10 most common vulnerabilities.
According to Gary Davis, Manager of McAfee’s Risk & Compliance portfolio of products and a SecurityWeek contributor, “You need to be able to see everything that contributes to the risk equation: threats, asset criticality, vulnerabilities and in-place countermeasures. Effective risk management depends on real-time, end-to-end knowledge of everything in the risk equation. Only when you have this visibility can your company begin to effectively understand risk and optimize security controls to mitigate it,” Davis writes.