Date posted: 05-Dec-2014
Category: Technology
Uploaded by: symantec
Symantec Control Compliance Suite 10.0
Introducing Symantec Control Compliance Suite 10.0
April 13, 2010
Agenda
1. Symantec Vision for IT GRC
2. Introducing Control Compliance Suite 10.0
A Holistic Approach to IT Governance, Risk Management, Compliance and Security
[Diagram: Policy Driven Governance, Risk Management & Compliance]
• Protect Infrastructure: Endpoint, Network, Messaging, Network Access Control, Web
• Protect Information: Data Loss Prevention, Encryption, Discovery, Data Protection
• Effective Systems Management: Discover, Provision, Patch, Configure, Inventory, Report, CMDB, Workflow
• Risk-Prioritized Remediation
Enterprise Governance, Risk & Compliance – Key Concerns
Security Risks
• Increasing Sophistication of Threats
• Changing Infrastructure & Configurations
• Increasing Regulatory Mandates
Security & Compliance Costs
• Overlapping matrix control objectives
• Manual assessment of controls
• Scale & Diversity of Environment
Regulatory / Audit Compliance
• Frequency of Assessments
• Internal and External Audit
• Reporting to Multiple Constituencies
Introducing Control Compliance Suite 10.0
IT GRC is a Complex Problem that Spans the Enterprise…
• POLICY: Define and manage policies for multiple mandates with out-of-the-box policy content. Map policies to control statements.
• TECHNICAL CONTROLS: Automatically identify deviations from technical standards. Identify critical vulnerabilities.
• PROCEDURAL CONTROLS: Replace paper-based surveys with web-based questionnaires to evaluate if policies were read and understood.
• DATA CONTROLS: Tight integration with DLP to prioritize assessment and remediation of assets based on value of data.
• 3rd PARTY DATA: Combine evidence from multiple sources and map to policies.
• REPORT: Gather results in one central repository and deliver dynamic web-based dashboards and reports.
• REMEDIATE: Remediate deficiencies based on risk with integration to popular ticketing systems.
• ASSETS, CONTROLS, EVIDENCE
Symantec Control Compliance Suite 10.0
[Diagram labels: POLICY, PROCEDURAL CONTROLS, TECHNICAL CONTROLS, DATA CONTROLS, 3rd PARTY EVIDENCE, REPORT, REMEDIATE; ASSETS, CONTROLS, EVIDENCE]
Components shown:
• CCS Policy Manager
• CCS Response Assessment Manager
• CCS Standards Manager
• CCS Vulnerability Manager
• DLP Discover
• Symantec Service Desk
• CCS Infrastructure
Control Compliance Suite – A Holistic, Integrated Solution
[Diagram labels: POLICY, PROCEDURAL CONTROLS, TECHNICAL CONTROLS, DATA CONTROLS, 3rd PARTY EVIDENCE, REPORT, REMEDIATE; ASSETS, CONTROLS, EVIDENCE]
Symantec Control Compliance Suite 10.0 – New Features
• CCS Vulnerability Manager
• Web-Based Dynamic Dashboards
• Integration with Data Loss Prevention
• 3rd Party Evidence Automation
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Appendix
Control Compliance Suite Vulnerability Manager
• Broadest and most accurate network scanning
• Most accurate Web application and database scanning
• Correlates vulnerabilities across multiple IT tiers
• Categorize and prioritize vulnerability exposure
• Superior risk assessment
• Superior scalability and performance
Network and Operating Systems Coverage
• More than 54,000 checks across 14,000+ vulnerabilities
• High performance agent-less scanning
• Updated vulnerability checks within 24 hours of Microsoft Patch Tuesday
• Supports Red Hat Enterprise Linux
• Supports:
  • Adobe Flash and Adobe Reader
  • Cisco IOS
  • Mozilla Firefox
  • Solaris
  • Sun JVM
  • Unix
Web Application and Database Scanning
• Vulnerability detection for AJAX and Web 2.0 applications
• Scans all forms of Web vulnerabilities including all flavors of SQL injection and cross-site scripting
• Vulnerability content for 5 most popular databases:
  • MySQL
  • Sybase
  • Informix
  • Oracle
  • PostgreSQL
“58% of vulnerabilities affect Web applications”
“73% of vulnerabilities are easily exploitable”
Source: Symantec
“Database Servers represent 75% of all breached records”
Source: Verizon
Web-Based Dynamic Dashboards
• Easy sharing of information
• Web delivery
• Print and export dashboards
• Enhanced analytics
• Drill down into panel data
• Multiple panels in a single view
• Page crosslink views for additional information
Web-Based Dynamic Dashboards
• More customizable and flexible
• User definable panels are visualizations of KPIs
• Customizable dashboards contain multiple panels
• Variable panel sizing
• Maximize a panel
• Layout, filters persisted
Integration with Symantec Data Loss Prevention
• DLP Discovery identifies assets for compliance assessment
• Create an asset group by tagging assets with most sensitive information
• Prioritize these assets for technical control evaluations and elevate hardening measures
• Show data leakage information side-by-side with CCS data
Content-Aware Technical Controls Discovery
[Diagram labels: Servers with HIPAA data; SSIM; New in v10]
1. Scan and Retrieve Data
2. Crack Content and Record Incidents
3. Send incident and asset info
4. Scans assets to assess server hardening and compliance
5. Monitor assets for correlated events
Integrated Compliance Reporting
[Diagram with numbered steps 1 to 4; step 3 is "Send incident and asset info"]
• Map incidents to regulations & policies
• Measure and report on compliance to regulatory requirements
• Consolidate info on both DLP policy violations and compliance data in dashboard views
External Evidence System
• Add, edit, delete external evidence providers
• Define controls based on external evidence
• Third party evidence available in content studio (Identified by Source)
• Enables mapping to control statements