Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Transcription

1 Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall cost of managing IT security controls.

2

3 Today s IT environments face growing security threats, increasing complexity, and often-confusing regulatory mandates. In response, many organizations are adopting proactive strategies for security and compliance management strategies that depend on automated technologies to reduce errors, improve security, and simplify auditing and reporting. Symantec s industry-leading Security Compliance solution offers state-of-the-art automation to help organizations better secure their systems and maintain configurations, reduce operational security management costs, and more efficiently meet compliance requirements.

4 Security Compliance Is Complex and Costly The security operations landscape is rapidly evolving. As more people have greater access to network resources, the risk both internal and external of information theft or loss due to breaches is increasing. The number of regulations and governance mandates is growing continuously as well, with more compliance requests originating from more diverse audiences every day. And because operations teams often rely on redundant, manual activities to implement and test IT controls, the potential for error is constantly on the rise. In this environment, the resources required to manage IT controls are steadily increasing. Meanwhile, management pressure to reduce operating costs continues to mount. To meet these challenges, companies need an integrated, holistic approach to IT controls management. IT security compliance 4

5 A better approach to IT security compliance Many organizations are plagued by a lack of effective IT controls. A proactive approach to IT security compliance is required to enable them to: Detect IT control deficiencies such as weak passwords, orphan accounts, and inappropriate access Assess IT risk and security threats Identify and incorporate best practices for remediating vulnerabilities more efficiently Reduce the time and effort expended to produce IT audits and compliance reports for a variety of constituencies To achieve these critical objectives, organizations need solutions that help them: Leverage a top-down, enterprise-level view into configuration settings and access rights Centralize controls assessment and auditing, as well as security log monitoring and management Minimize unnecessary access to information Automate IT compliance reporting processes 5

6 Symantec s Security Compliance Lifecycle Symantec understands that compliance means more than just meeting regulations mandated by government or industry. It s also about supporting business objectives and managing IT risk. To achieve compliance, there must be a tight alignment between IT risk and compliance activities so that operations teams can effectively secure the infrastructure in support of company policy while fulfilling internal and external compliance demands. Symantec has developed an automated solution to compliance that can help organizations realize such an alignment. We can help your operations team harness rising security and compliance management costs, better meet reporting requests, identify high-risk systems, and more effectively secure systems and configurations via a four-pronged approach. Define: First, Symantec helps companies understand their governance requirements, assess risk, and identify IT assets that may be affected by various standards, regulations, and security threats. We then help them automatically define the IT controls environment and translate regulatory mandates into automated policies and controls. Assess: Next, Symantec s solution assesses the security compliance of IT controls by automatically testing and monitoring them. Report: Symantec s holistic solution provides detailed compliance and risk reports. Reporting is customized based on an organization s requirements, such as by industry standards, regulations, platform, business units, or geography. Remediate: Finally, the Symantec approach helps IT remediate control deficiencies and respond quickly to security events. 6

7 Automating the management and monitoring of IT controls infrastructure and events can reduce operational costs by as much as 40 percent, minimize vulnerabilities and threats, and help satisfy compliance requirements. IT Policy Compliance Group Automate, secure, and comply Automate: Moving compliance management from manual process controls to automated systems controls is less complex to the process owner and auditor, costs less because labor costs can be sharply reduced if controls are standardized and rationalized across the enterprise, and has side benefits of process improvement. Gartner Secure: Vulnerabilities must be viewed as part of an overall security management infrastructure that takes into account security policy, compliance, and risk management. IDC Comply: A comprehensive IT compliance program must structurally address the ability to maintain an authoritative control framework, identify and resolve control deficiencies, measure and report control effectiveness, and provide advisory services for IT controls. Forrester Research 7

8 An Industry-leading Compliance Platform The foundation of the Symantec Security Compliance solution is Symantec Control Compliance Suite, an integrated offering that enables organizations to implement a costeffective, holistic approach to compliance automation. Control Compliance Suite offers multiple modules and agents for the full range of security and compliance issues faced by today s enterprises. It allows organizations to: Automate IT controls assessments, enabling consistent implementation, enforcement, and reporting to achieve secure configuration compliance Leverage best-practices guidance based on regulations, benchmarks, and standards from the Center for Internet Security (CIS), National Security Agency (NSA), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Control Objectives for Information and related Technology (COBIT), the Sarbanes-Oxley Act, Payment Card Industry Data Security Standards, the Health Insurance Portability and Accountability Act (HIPAA), and more Map technical and procedural controls to their corresponding compliance objectives, including more than 125 prototypes that tightly link common policies and objectives Provide assessments and evidence of policy implementation and enforcement Monitor, remediate, and report on IT controls and privileged user access Incorporate IT controls status, event logs, and external intelligence on new and existing threats, and correlate the information to identify and prioritize critical events Initiate remediation through tight integration with popular help desk ticketing systems Implement compliance and security management as part of day-to-day operations, resulting in fewer control deficiencies, less data leakage, and lower compliance and security management costs Day-to-day use case scenarios In day-to-day operations, IT can use Symantec Control Compliance Suite to: Automate controls testing Test technical and procedural controls and assess compliance with policies Automate security event management Monitor security violations and prioritize responses based on policies and regulations 8

9 Manage control configurations Identify gaps in IT controls, get guidance, and provide closed-loop remediation Monitor threats in real time Identify threats and vulnerabilities in controls before they become security breaches Comply with audits and reporting requests Measure IT risk and compliance, deliver dashboards and auditable evidence, and demonstrate controls effectiveness A world-class solution from an industry leader With more than 2,000 enterprise customers and the world s largest configuration policy compliance installed base, Symantec is a global leader in security and compliance management. The company s innovative products have received awards and recognition from top analysts and industry watchers: Leader in Worldwide Security and Vulnerability Management, IDC Leader in Magic Quadrant for Security Information and Event Management, Gartner Leader in IT Governance, Risk, and Compliance Management (Symantec Control Compliance Suite), Gartner Leaders in Secure Configuration Wave (Symantec Control Compliance Suite and Symantec Enterprise Security Manager), Forrester Research Leader in SIEM MQ and SIEM Wave (Symantec Security Information Manager), Gartner and Forrester Research Winner of Reader s Choice Award (Symantec Security Information Manager), Information Security magazine, 2008 Additionally, Symantec offers: The industry s broadest portfolio of leading security, backup, storage, and archiving controls Unmatched insight into the threat environment via the Symantec Global Intelligence Network Strong strategic partnerships with key storage vendors, auditing firms, and integrators The unparalleled expertise of Symantec Consulting Services and channel partners 9

10 Symantec s comprehensive Security Compliance solution provides a proactive, risk-based approach to managing IT controls. Through its advanced automation technologies, it enables security operations teams to better secure systems and configurations, streamline compliance reporting, and reduce associated costs. The bottom line for your organization? Lower cost, better security, and easier compliance all from the market leader in security information and vulnerability management. To find out more, visit

11

12 About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at For specific country offices and contact numbers please visit our Web site. For information in the U.S., call toll-free 1 (800) Symantec Corporation World Headquarters Stevens Creek Boulevard Cupertino, CA USA +1 (408) (800) Copyright 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 06/