The Future of Symantec Risk and Compliance Solutions 1
Kurt Van Etten: Director of Product Management Threat & Risk Management
November 2012
The Future of Symantec Risk and Compliance Solutions
2
Disclaimer
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
SYMANTEC VISION 2012
Agenda
The Future of Symantec Risk and Compliance Solutions 3
Moving From Compliance to IT Risk 1
Leveraging Existing Investments 2
Single Platform for Many Jobs 3
Actionable Intelligence 4
SYMANTEC VISION 2012
Risk And Compliance Maturity Curve
The Future of Symantec Risk and Compliance Solutions 4
Comply with key mandates
Stay ahead of threats
Focus on top priorities
Build sustainable risk program
Connect to business
70 % CISOs report increased executive awareness 50% expect increased business influence Only 1 in 8 feel Info Sec can influence business decisions
Source: IREC 2011
SYMANTEC VISION 2012
Expanding From Compliance To Risk – Drivers
The Future of Symantec Risk and Compliance Solutions 5
Compliance Centric
Risk Centric
• Driven by external mandates
• Focus on pass / fail checkbox
• Large volume of audit findings leads
• Point in time view
• OFTEN SUBJECTIVE
• Driven by business needs
• Focus on continuous improvement
• Risk-prioritized issues drive action
• Continuous Monitoring
• DATA DRIVEN
SYMANTEC VISION 2012
Expanding From Compliance To Risk – Constraints
The Future of Symantec Risk and Compliance Solutions 6
“I need a way to leverage my
existing investments”
“I want to use the same platform to complete many
jobs”
“I need actionable intelligence to make better decisions”
SYMANTEC VISION 2012
I Need To Leverage My Existing Investments
The Future of Symantec Risk and Compliance Solutions 7
Use the infrastructure I
have
• No need to displace existing solutions
• Help my existing solutions work together
1 Quick time to
value
• Integrate security information from multiple technologies
• Automatically updated data mappings
2 Keep my costs
down
• Minimal initial set-up costs
• Easy to maintain interface between 3rd party systems
3
SYMANTEC VISION 2012
Symantec Partner Developed
Community Supported
Additional Connectors
Symantec Connector Strategy
The Future of Symantec Risk and Compliance Solutions 8
Information Protection
Endpoint Security
Infrastructure Security
Network Security
Application Security
Security Management
Identify and Access Controls
Symantec Built
Symantec Tested
Symantec Supported
Supported Connectors
SYMANTEC VISION 2012
Symantec Connector Roadmap
9 9 The Future of Symantec Risk and Compliance Solutions
• Endpoint Protection
• Data Loss Prevention
• CCS Standards Manager
• CCS Vulnerability Manager
• Security Information Manager
• Critical System Protection
• Encryption
Symantec Third Party
• Qualys
• Rapid7
• HyTrust
• Salesforce
• Bit9 • Catbird • Cenzic • Core Security • Courion • eEye • Imperva
• RedSeal • SailPoint • Skybox • Tenable • Veracode • VMware
Create custom connectors with open
SPC Enterprise platform
• Symantec DeepSight™
• Managed Security Services
• Mail Security for Exchange®
• Messaging Gateway
• Web Gateway
• VIP User Authentication
• Certificate Intelligence Center
• Mobile Device Management
• Endpoint Management
• Symantec NetBackup™
• Symantec Backup Exec™
SYMANTEC VISION 2012
I Want One Platform To Manage My Security Program
The Future of Symantec Risk and Compliance Solutions 10
Scalability is critical for me
• Need to manage
Big Data
• Link to underlying technical assessment technologies
1 Get the right
data to the right user
• Customizable views for multiple stakeholders
2 Help me get
better insights from my data
• Cut the data multiple ways
• Cross-reference data points for unique insights
3
SYMANTEC VISION 2012
Dynamic Dashboards (Web and iPad*)
Managed Security Services (inc. SSIM)
Symantec Endpoint Protection
CCS Standards Manager
Critical System Protection
Symantec Encryption
CCS Vulnerability Manager
Data Loss Prevention
Virtualization Security Manager
Symantec Approach: One Platform Three Views
Asset System Security Intelligence Data Store
Security Metrics and Analytics Platform
Compliance View Security Metrics View Risk Management View
11 The Future of Symantec Risk and Compliance Solutions
SYMANTEC VISION 2012
I Need Actionable Intelligence To Make Better Decisions
The Future of Symantec Risk and Compliance Solutions 12
I need data relevant to my
business
• Data that supports business critical operations at your fingertips
1 I need to prioritize
• Know what to fix first so you make best use of resources
2 I need to drive
action
• Get clear direction on how to address identified risks
3
SYMANTEC VISION 2012 The Future of Symantec Risk and Compliance Solutions 13
Actionable Intelligence: An Example
Identify Compliance Failures & Focus Remediation
SYMANTEC VISION 2012
Actionable Intelligence: An Example
The Future of Symantec Risk and Compliance Solutions 14
Identify Sensitive Data & Focus on Critical Exposures
SYMANTEC VISION 2012
Actionable Intelligence: An Example
The Future of Symantec Risk and Compliance Solutions 15
Highlight Business or Critical Process Exposures
SYMANTEC VISION 2012
Actionable Intelligence: An Example
The Future of Symantec Risk and Compliance Solutions 16
Drill Down To The Details And Model Risk
SYMANTEC VISION 2012
Actionable Intelligence
The Future of Symantec Risk and Compliance Solutions 17
Monitor Action Plans
SYMANTEC VISION 2012
Roadmap Themes
The Future of Symantec Risk and Compliance Solutions 18
Interoperability
• Virtualization Security
• Robust Connectors • WebSphere
Risk Management Usability
• Internationalization • Simplified
architecture • Mandate-based
reporting • Web-enabled
dashboards
• Risk Manager • Vendor Risk • Risk modeling
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
19
The Future of Symantec Risk and Compliance Solutions
SYMANTEC VISION 2012
Actionable Intelligence: An Example
The Future of Symantec Risk and Compliance Solutions 20
Drill Down To The Details And Model Risk