+ All Categories
Home > Technology > Symantec control compliance suite

Symantec control compliance suite

Date post: 18-Nov-2014
Category:
Upload: symantec
View: 3,854 times
Download: 0 times
Share this document with a friend
Description:
 
13
Symantec Control Compliance Suite 10.5 February 3, 2011
Transcript
Page 1: Symantec control compliance suite

Symantec Control Compliance Suite 10.5

February 3, 2011

Page 2: Symantec control compliance suite

80% of Organizations Lack Visibility into IT Risks

2

Question: What Color is Your Information Risk Today?

For 2-in-10, it takes more than

nine months to find

the answer

For 1-in-10, it takes

one day -to- one week to

find the answer

For 1-in-10, it takes between one

week and three months

to find the answer

For 6-in-10, it takes between

three and nine months to

find the answer

Source: IT Policy Compliance Group, 2011 N: 1,202

Symantec Control Compliance Suite 10.5

Page 3: Symantec control compliance suite

Why are so Many Organizations Flying Blind?

3

Lack a Holistic View of Risk

• Diverse IT environments

• Decentralized data collection

• Rationalizing data from multiple sources

Inability to Prioritize and Report on Risk

• Unable to identify highest priority IT risks

• Reports lack actionable data to drive resolution

• Unable to report on key risks per stakeholder

Inadequate Controls Assessments

• Fail to standardize on controls frameworks

• Manual controls mapping

• Keeping up with regulatory changes

Symantec Control Compliance Suite 10.5

Page 4: Symantec control compliance suite

CONTROLS

ASSETS

EVIDENCE

Symantec Control Compliance Suite

4Symantec Control Compliance Suite 10.5

TECHNICAL CONTROLS

3RD PARTY EVIDENCE

DATA CONTROLS

PROCEDURAL CONTROLSPOLICYREPORT REMEDIATE

• Symantec™ Control Compliance Suite Policy Manager

• Symantec™ Control Compliance Suite

Standards Manager

• Symantec™ Control Compliance Suite

Response Assessment Manager

• Symantec™ ControlCompliance Suite (Infrastructure)

• Symantec™ ServiceDesk 7.0

• Symantec™ ControlCompliance Suite (Infrastructure)

• Symantec™ Data Loss Prevention Discover

• Symantec™ Control Compliance Suite

Vulnerability Manager

Page 5: Symantec control compliance suite

• SCAP support provides shared view of IT risks

• New workflow integration helps manage people risks

Improved Risk Management Capabilities

• Out-of-box dashboard connectors expand risk views

More Holistic View of IT Risk

• Support for PCI 2.0 and SCAP benchmarks

• FDCC support for better desktop controls

• OWASP support for better Web application controls

More Comprehensive Controls Assessments

Symantec Control Compliance Suite 10.5 5

Control Compliance Suite 10.5 – What’s New?

Page 6: Symantec control compliance suite

SCAP Support Provides Shared View of IT Risks

Symantec Control Compliance Suite 10.5 6

• Security Content Automation Protocol

• Developed by National Institute of Standards and Technology (NIST)

• Better visibility into IT infrastructure

• Standard way to write security checks

• Eliminates need to rationalize data from multiple sources

• Easily downloadable file updates – scan based on latest standards

• Common framework provides a shared view of IT risks for better prioritization and faster remediation

Page 7: Symantec control compliance suite

Manage People Risk With Workflow Integration

• New workflow integration with Symantec Data Loss Prevention

• Target security awareness training at individuals in violation of data protection policy

• New questionnaire summary pages

– Overview of key security awareness risks

– Drill down into more detail for remediation efforts

Symantec Control Compliance Suite 10.5 7

Page 8: Symantec control compliance suite

Control Compliance Suite 10.5 – What’s New

• SCAP support provides shared view of IT risks

• New workflow integration helps manage people risk

Improved Risk Management Capabilities

• Out-of-box dashboard connectors expand risk views

More Holistic View of Risk

• Support for PCI 2.0 and SCAP benchmarks

• FDCC support for better desktop controls

• OWASP support for better Web application controls

More Comprehensive Controls Assessments

Symantec Control Compliance Suite 10.5 8

Page 9: Symantec control compliance suite

Out-of-Box Dashboard Connectors Expand Risk Views

• Automatically collect data from CCS Response Assessment Manager

• Populate pre-defined dashboard panels

• Side by side view of risks for greater insights – e.g.

– Data policy violations

– Results of employee security awareness

– Compliance posture of critical servers

• Future releases to bring in data on

– Critical vulnerabilities

– Latest security threats

– Real-time file integrity monitoring

Symantec Control Compliance Suite 10.5 9

Page 10: Symantec control compliance suite

Control Compliance Suite 10.5 – What’s New

• SCAP support provides shared view of IT risks

• New workflow integration helps manage people risk

Improved Risk Management Capabilities

• Out-of-the-box dashboard connectors expand risk views

More Holistic View of Risk

• Support for PCI 2.0 and SCAP benchmarks

• FDCC support for better desktop controls

• OWASP support for better Web application controls

More Comprehensive Controls Assessments

Symantec Control Compliance Suite 10.5 10

Page 11: Symantec control compliance suite

FDCC Support for Better Desktop Controls

• 85% of total reported security breaches can be traced to end user actions*

• Built-in support for Federal Desktop Core Configuration (FDCC)

• Common industry standard for US Federal government

• Protects desktops against harmful configuration changes and vulnerabilities

• Simplifies desktop security

• Easily import monthly updates

• Report on results in FDCC format

Symantec Control Compliance Suite 10.5 11

CCS 10.5

*Michael Bednarczyk, Information Week Analytics

Page 12: Symantec control compliance suite

OWASP Support for Better Web Application Controls

• In 2009 there were 5,500+ unique vulnerabilities in Web applications alone*

• Built-in support for Open Web Application Security Protocol

• Technical standards for securing Web applications

• Focuses on top 10 vulnerabilities

• Automatically identify and remediate risks before they are exploited

• Adopted by PCI Security Standards Council

Symantec Control Compliance Suite 10.5 12

*Symantec Global Internet Security Threat Report

Page 13: Symantec control compliance suite

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Thank you!

Symantec Control Compliance Suite 10.5 13


Recommended