Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance Suite Standards Manager Overview Are you able to: Conduct fine-grain network and asset discovery across your virtual and physical data center? Effectively harden security configuration settings across your physical and virtual infrastructures? Automate the assessment of technical controls and security configuration standards across your data center assets? Deliver role-based and operational mandate-based reporting on security configuration across multiple security standards and regulatory mandates? Prioritize technical controls for remediation across IT ops, Sec Ops, and compliance? Optimize resource allocation for the remediation of risks and audit findings according to business priorities? Support the new SCAP 1.2, PCI-DSS v.3, and NIST Cybersecurity standards? Assess once and deliver reports to comply with multiple regulatory mandates as well as support IT operations and security operations requirements? Identify which servers and databases are missing critical patch updates? Identify which servers and databases have known default configuration settings? Effectively handles exceptions in the configuration of security controls? 1
Solution Overviewview Symantec Control Compliance Suite Standards Manager is a leading network and asset discovery and security configuration assessment solution. Organizations employ Symantec Control Compliance Suite Standards Manager to harden the physical and virtual infrastructure, detect configuration drifts, and evaluate if systems are secured, configured, and patched according to standards for security operations and compliance reporting. Symantec Control Compliance Suite Standards Manager enables a consistent, centralized approach to your organization s security and compliance posture. It replaces manual, error-prone checks with scheduled, automated assessments. Role-based, operational, and mandate-based reporting allows IT operations, security operations, and compliance to minimize overlaps and conflicts. The capability to assess once and report to many helps IT operations, security, and compliance align their remediation priorities. What s New in Control Compliance Suite Standards Manager 11.0.5? Control Compliance Suite Standards Manager offers new and enhanced capabilities for security and compliance across thephysical and virtual data centers, including: New network and asset discovery capabilities. Patented Lightspeed discovery algorithm offers a less-intrusive and nonauthenticated approach for asset discovery across networks and hosts Ability to create blacklists and exclude specific networks for discovery and ensure critical networks are not scanned Enhanced support for Continuous Monitoring and Cybersecurity initiatives including: Upgrade of Windows SCAP engine to SCAP 1.2 Enhanced support for SCAP 1.2 including Enhanced Assessment Results Reporting (ARF) Support for OVAL 5.3, 5.8, & 5.10 Vulnerability Assessment, increased coverage of supported OVAL entities, and support for CCE & CVE IDs in SCAP results New APIs in CCS SCAP engine for Partner Integration. These capabilities enable the customer to create and run SCAP evaluation through APIs and export of SCAP results in ARF format. Updated regulatory content library and technical platform support including: Support for ISO 27001-2013 Support for NIST Cybersecurity Framework in SCU 2014-1 Support PCI DSS v3.0 in SCU 2014-1 Updated platform support for UBUNTU, Windows 2012 R2 & SQL 2012 Features Extensive, out-of-the-box technical content including the latest Center for Internet Security (CIS) benchmarks for OS platforms, databases, and applications Broad and deep platform coverage for servers, endpoints, databases, hypervisors and virtual machines, and mission critical applications, including mainframes Discovery and assessment of both hypervisor and guest operating systems for centralized, scalable security configuration management of virtualized environments 2
Flexible agent-based and agentless data gathering options available on a unified platform with a single management interface Risk-based, highly customizable, out-of-the-box remediation workflows, including exception management, which supports integration with existing business processes Scalable data framework enables the easy aggregation and normalization of technical controls data from multiple sources Ad hoc query interface for near real-time assessment of threat exposure Customer Benefits Enable the secure migration to and deployment of a software-defined data center transformation initiative Harden the virtual and physical infrastructure through the integration with Symantec Data Center Security: Server and Advanced Server Improve cybersecurity and data breach prevention capabilities by enabling the efficient discovery of rogue networks and assets Optimize assessment and reporting of security configuration standards across physical and virtual assets Leverage role-based, automated and risk-prioritized dashboard and reporting to align priorities and optimize resource allocation for risk remediation Improve overall security posture, discover configuration drifts, and reduce audit failures with automated security configuration assessments Align security operations with compliance and IT risk management by automating the mapping of assets to controls, control statements, and an extensive and regularly updated library of security best practice frameworks and standards Reduce management complexity and minimize operational costs by combining agent-based and agentless data gathering options via a unified management interface Overview view of Control Compliance Suite Symantec Control Compliance Suite (CCS) is a modular, highly scalable, and comprehensive solution for automating security and compliance assessments across the physical and virtual data centers, and across public clouds. Each of the seven Control Compliance Suite Modules is available independently or as part of a broader suite. The Control Compliance Suite Control Studio and Infrastructure combines evidence from the multiple modules as well as third party systems, and maps assets and evidence to control statements, standards, and policies and regulations to enable mandate-based reporting and risk assessments. Role-based, customizable Web-based dashboards, and reports enable the organization to measure risk and track the performance of its security and compliance programs. Workflow integration with remediation ticketing systems enable organizations to align security operations with compliance and risk management operations, prioritize risk mitigation and remediation activities, and optimize security and IT operations. Control Compliance Suite Modules Symantec Control Compliance Suite Policy Manager automates policy definition and policy life cycle management with out-of-the-box policy content for multiple mandates, automatically maps assets to controls, standards and regulatory mandates, identifies common controls to enable assess once and report to multiple mandates, and delivers content and technical standards updates on a quarterly basis. 3
Symantec Control Compliance Suite Risk Manager aligns security and compliance operations with business priorities by defining risks according to business thresholds, mapping risks to assets, controls and owners, and calculating risk scores. This information can be used to prioritize resource allocation, enable alignment of security operations with compliance, and prioritize risk mitigation and remediation. Customers also utilize Risk Manager to measure and track the performance of its compliance and risk reduction programs. Symantec Control Compliance Suite Standards Manager is a leading asset discovery and configuration assessment solution. The solution is employed to harden the physical and virtual infrastructure, detect configuration drifts, and evaluate if systems are secured, configured, and patched according to standards for security operations and compliance reporting. Symantec Control Compliance Suite Vulnerability Manager performs end-to-end vulnerability assessment of Web applications, databases, servers, and network devices, delivering a single view of security threats and vulnerabilities across the physical and virtual infrastructure. Symantec Control Compliance Suite Virtualization Security Manager enables role-based separation of duties and access within the virtual infrastructure, monitors and reports on the activities of privileged users within the virtual environment, and assesses for compliance to privileged user virtualization security policies. Symantec Control Compliance Suite Assessment Manager automates the assessment of procedural controls governing employee behavior. Assessment Manager offers out-of-the-box, comprehensive coverage for 100+ regulations, frameworks & best practices that are translated into questionnaires to assess the effectiveness of procedural controls. These questionnaires can also be used to evaluate overall employee security awareness and to support security awareness training. Symantec Control Compliance Suite Vendor Risk Manager enables the assessment and monitoring of your vendor risk exposure including third party business process services, application developers, and cloud service providers by automating security and compliance assessments. System Requirements- Control Compliance Suite Core Software Requirements Operating System Windows Server 2003 SP2 x64 Enterprise or Standard edition Windows Server 2003 R2 SP2 x64 Enterprise or Standard edition Windows Server 2008 SP2 x64 Enterprise or Standard edition Windows Server 2008 R2 x64 Enterprise or Standard edition Database Microsoft SQL Server 2005 SP2 or later (32-bit and 64-bit computers) Microsoft SQL Server 2008 SP1, SP2 (32-bit and 64-bit computers) Microsoft SQL Server 2008 R2 (32-bit and 64-bit computers) Other Software Microsoft.Net Framework 3.5 SP1 Oracle Instant Client 10.2.0.4 4
Internet connection for CCS service Internet Explorer 8.0 Internet Information Service (IIS) ASP.NET v4.0.30319 ASP.NET v4.0.30319 Web Service Extensions Hardware Requirements For deployment on a single server Minimum memory: 4GB Minimum processor: Dual Proc 3GHz Minimum hard disk space: 140GB SQL Server Minimum memory: 4GB Minimum processor: Dual Proc 3GHZ Disk Sizing: Refer to the Planning and Deployment Guide More Information Visit our website http://enterprise.symantec.com To speak with a Product Specialist in the U.S. Call toll-free 1 (800) 745 6054 To speak with a Product Specialist outside the U.S. For specific country offices and contact numbers, please visit our website. About Symantec Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company operating one of the largest global data-intelligence networks, has provided leading security, backup, and availability solutions for where vital information is stored, accessed, and shared. The company s more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia. Symantec World Headquarters 350 Ellis St. Mountain View, CA 94043 USA +1 (650) 527 8000 1 (800) 721 3934 www.symantec.com Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 21328945 05/14 5