Symantec Security Compliance Solution Symantec's Automated Approach To .


Symantec Security Compliance Solution

Symantec’s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall cost of managing IT security controls.

Today’s IT environments face growing security threats, increasing complexity, and often-confusing regulatory mandates. In response, many organizations are adopting proactive strategies for security and compliance management—strategies that depend on automated technologies to reduce errors, improve security, and simplify auditing and reporting. Symantec’s industry-leading Security Compliance solution offers state-of-the-art automation to help organizations better secure their systems and maintain configurations, reduce operational security management costs, and more efficiently meet compliance requirements.

Security Compliance Is Complex—and Costly

The security operations landscape is rapidly evolving. As more people have greater access to network resources, the risk—both internal and external—of information theft or loss due to breaches is increasing. The number of regulations and governance mandates is growing continuously as well, with more compliance requests originating from more diverse audiences every day. And because operations teams often rely on redundant, manual activities to implement and test IT controls, the potential for error is constantly on the rise.

In this environment, the resources required to manage IT controls are steadily increasing. Meanwhile, management pressure to reduce operating costs continues to mount. To meet these challenges, companies need an integrated, holistic approach to IT controls management.

A better approach to IT security compliance

Many organizations are plagued by a lack of effective IT controls. A proactive approach to IT security compliance is required to enable them to:

- Detect IT control deficiencies such as weak passwords, orphan accounts, and inappropriate access
- Assess IT risk and security threats
- Identify and incorporate best practices for remediating vulnerabilities more efficiently
- Reduce the time and effort expended to produce IT audits and compliance reports for a variety of constituencies

To achieve these critical objectives, organizations need solutions that help them:

- Leverage a top-down, enterprise-level view into configuration settings and access rights
- Centralize controls assessment and auditing, as well as security log monitoring and management
- Minimize unnecessary access to information
- Automate IT compliance reporting processes

Symantec’s Security Compliance Lifecycle

Symantec understands that compliance means more than just meeting regulations mandated by government or industry. It’s also about supporting business objectives and managing IT risk. To achieve compliance, there must be a tight alignment between IT risk and compliance activities so that operations teams can effectively secure the infrastructure in support of company policy while fulfilling internal and external compliance demands.

Symantec has developed an automated solution to compliance that can help organizations realize such an alignment. We can help your operations team harness rising security and compliance management costs, better meet reporting requests, identify high-risk systems, and more effectively secure systems and configurations via a four-pronged approach.

Define: First, Symantec helps companies understand their governance requirements, assess risk, and identify IT assets that may be affected by various standards, regulations, and security threats. We then help them automatically define the IT controls environment and translate regulatory mandates into automated policies and controls.

Assess: Next, Symantec’s solution assesses the security compliance of IT controls by automatically testing and monitoring them.

Report: Symantec’s holistic solution provides detailed compliance and risk reports. Reporting is customized based on an organization’s requirements, such as by industry standards, regulations, platform, business units, or geography.

Remediate: Finally, the Symantec approach helps IT remediate control deficiencies and respond quickly to security events.

“Automating the management and monitoring of IT controls infrastructure and events can reduce operational costs by as much as 40 percent, minimize vulnerabilities and threats, and help satisfy compliance requirements.”
IT Policy Compliance Group

Automate, secure, and comply

Automate: “Moving compliance management from manual process controls to automated systems controls is less complex to the process owner and auditor, costs less because labor costs can be sharply reduced if controls are standardized and rationalized across the enterprise, and has side benefits of process improvement.”
Gartner

Secure: “Vulnerabilities must be viewed as part of an overall security management infrastructure that takes into account security policy, compliance, and risk management.”
IDC

Comply: “A comprehensive IT compliance program must structurally address the ability to maintain an authoritative control framework, identify and resolve control deficiencies, measure and report control effectiveness, and provide advisory services for IT controls.”
Forrester Research

An Industry-leading Compliance Platform

The foundation of the Symantec Security Compliance solution is Symantec Control Compliance Suite, an integrated offering that enables organizations to implement a cost-effective, holistic approach to compliance automation. Control Compliance Suite offers multiple modules and agents for the full range of security and compliance issues faced by today’s enterprises. It allows organizations to:

- Automate IT controls assessments, enabling consistent implementation, enforcement, and reporting to achieve secure configuration compliance
- Leverage best-practices guidance based on regulations, benchmarks, and standards from the Center for Internet Security (CIS), National Security Agency (NSA), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Control Objectives for Information and related Technology (COBIT), the Sarbanes-Oxley Act, Payment Card Industry Data Security Standards, the Health Insurance Portability and Accountability Act (HIPAA), and more
- Map technical and procedural controls to their corresponding compliance objectives, including more than 125 prototypes that tightly link common policies and objectives
- Provide assessments and evidence of policy implementation and enforcement
- Monitor, remediate, and report on IT controls and privileged user access
- Incorporate IT controls status, event logs, and external intelligence on new and existing threats, and correlate the information to identify and prioritize critical events
- Initiate remediation through tight integration with popular help desk ticketing systems
- Implement compliance and security management as part of day-to-day operations, resulting in fewer control deficiencies, less data leakage, and lower compliance and security management costs

Day-to-day use case scenarios

In day-to-day operations, IT can use Symantec Control Compliance Suite to:

- Automate controls testing—Test technical and procedural controls and assess compliance with policies
- Automate security event management—Monitor security violations and prioritize responses based on policies and regulations
- Manage control configurations—Identify gaps in IT controls, get guidance, and provide closed-loop remediation
- Monitor threats in real time—Identify threats and vulnerabilities in controls before they become security breaches
- Comply with audits and reporting requests—Measure IT risk and compliance, deliver dashboards and auditable evidence, and demonstrate controls effectiveness

A world-class solution from an industry leader

With more than 2,000 enterprise customers and the world’s largest configuration policy compliance installed base, Symantec is a global leader in security and compliance management. The company’s innovative products have received awards and recognition from top analysts and industry watchers:

- Leader in Worldwide Security and Vulnerability Management, IDC
- Leader in Magic Quadrant for Security Information and Event Management, Gartner
- Leader in IT Governance, Risk, and Compliance Management (Symantec Control Compliance Suite), Gartner
- Leaders in Secure Configuration Wave (Symantec Control Compliance Suite and Symantec Enterprise Security Manager), Forrester Research
- Leader in SIEM MQ and SIEM Wave (Symantec Security Information Manager), Gartner and Forrester Research
- Winner of Reader’s Choice Award (Symantec Security Information Manager), Information Security magazine, 2008

Additionally, Symantec offers:

- The industry’s broadest portfolio of leading security, backup, storage, and archiving controls
- Unmatched insight into the threat environment via the Symantec Global Intelligence Network
- Strong strategic partnerships with key storage vendors, auditing firms, and integrators
- The unparalleled expertise of Symantec Consulting Services and channel partners

Symantec’s comprehensive Security Compliance solution provides a proactive, risk-based approach to managing IT controls. Through its advanced automation technologies, it enables security operations teams to better secure systems and configurations, streamline compliance reporting, and reduce associated costs. The bottom line for your organization? Lower cost, better security, and easier compliance—all from the market leader in security information and vulnerability management. To find out more, visit www.symantec.com/compliance.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

For specific country offices and contact numbers please visit our Web site. For information in the U.S., call toll-free 1 (800) 745 6054.

Symantec Corporation
World Headquarters
20330 Stevens Creek Boulevard
Cupertino, CA 95014 USA
1 (408) 517 8000
1 (800) 721 3934
www.symantec.com

Copyright 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 06/08 14161725
