
IT GRC Is A Complex Problem That Spans The Enterprise …

Denver User Group Symantec Control Compliance Suite Update and Roadmap Ronnie Blewer, Senior Product Manager July 21, 2010. IT GRC Is A Complex Problem That Spans The Enterprise …. TECHNICAL CONTROLS. Automation of controls testing for managed and unmanaged assets Wide variety of platforms

feng

Presentation Transcript


  1. Denver User Group. Symantec Control Compliance Suite Update and Roadmap. Ronnie Blewer, Senior Product Manager. July 21, 2010

  2. IT GRC Is A Complex Problem That Spans The Enterprise … TECHNICAL CONTROLS • Automation of controls testing for managed and unmanaged assets • Wide variety of platforms • Asset/issue prioritization • Customizable, single pane of glass visibility • Audit-ready evidence • Dynamic analysis • Flexible distribution REPORT REMEDIATE • Automated integration with ticketing systems • Closed- and open-loop remediation • Precise tracking POLICY • Translate mandates into controls • Reduce overlapping controls across mandates • Prioritize controls PROCEDURAL CONTROLS • Translate controls into questionnaires • Gather data from vendors / partners • Manage approval • Identification of Sensitive Data • Protect Data in Motion • Realtime Incident Mgt • Configuration Protection REALTIME CONTROLS • Asset information, controls data from other devices & apps 3rd PARTY DATA EVIDENCE ASSETS CONTROLS

  3. An Integrated, Comprehensive Approach to IT GRC TECHNICAL CONTROLS NEW IMPROVED IMPROVED • Symantec™ Control Compliance Suite Standards Manager • Symantec™ Control Compliance Suite Vulnerability Manager REPORT REMEDIATE POLICY PROCEDURAL CONTROLS • Symantec™ Control Compliance Suite Policy Manager • Symantec™ Control Compliance Suite Response Assessment Manager • Symantec™ Control Compliance Suite (Infrastructure) • Symantec™ ServiceDesk 7.0 REALTIME CONTROLS 3rd PARTY EVIDENCE • Symantec Data Loss Prevention Suite • Symantec SIM • Symantec Critical System Protection • Symantec™ Control Compliance Suite (Infrastructure) EVIDENCE NEW ASSETS CONTROLS

  4. Control Compliance Suite Version 10.0

  5. CCS 10.0 Dynamic Risk and Security Analytics • Dashboards consist of multiple Panels • Panels are visualizations of KPIs • Ability to create Panels • Ability to customize Dashboards Symantec Confidential

  6. Dynamic Dashboards Panel View Types

  7. Web-Based Dynamic Dashboards • More customizable and flexible • User definable panels are visualizations of KPIs • Customizable dashboards contain multiple panels • Variable panel sizing • Maximize a panel • Layout, filters persisted

  8. External Evidence System • Integrate third party evidence for a comprehensive view of compliance and risk posture • Automation for ease of use and lower operational costs [Diagram: Evidence Provider, CCS External Evidence System, Control Compliance Suite. Numbered steps: 1 Connect to evidence provider; 2 Collect evidence; 3 Format & store data; 4 Map data to policies and regulations; 5 Trigger data evaluation; 5 Trigger reporting job]

  9. CCS Integration with Data Loss Prevention • Use DLP discovery information to identify assets for compliance assessment • Show data leakage information side-by-side with CCS data • Key Benefits • Discover critical assets • Prioritize compliance assessments & remediation • Get a comprehensive view of compliance & security posture

  10. Control Compliance Suite Vulnerability Manager – New Module!

  11. Actionable Insight • Problem: • There are too many bulletins, too many patches, too many alerts to know what to start with • Traditional VA products have limited database, web application coverage • Solution: • Ability to identify where the most serious risks are based on smart heuristics • How CCS Vulnerability Manager addresses the need • End-to-end coverage from OS database web app browser client side vulnerability assessment • Vulnerability chaining to find cumulative effects of multiple risks • Advanced risk scoring methodology – Temporal Risk and Exploitability metrics to identify what to fix first • Integrated remediation guidance to drive response

  12. Network and Operating Systems • More than 54,000 checks across 14,000+ vulnerabilities • Agent-less Scanning • Credentialed and non-credentialed scanning • High-performance • Safe checks do not impact scan target performance or reliability • Microsoft • Updated vulnerability checks within 24 hours of Microsoft Patch Tuesday • Detects vulnerabilities based on what the system is running, versus what is installed • Red Hat Enterprise Linux • Support for backported patches reduces false positives • Other General Coverage • Includes Adobe Flash, Adobe Reader, Cisco IOS, Mozilla Firefox, Solaris, Sun JVM, Unix

  13. Web Application Scanning • 4th Generation Web Spider • Server & Client Side VA checks • Authenticated and Unauthenticated application level scanning • SQL Injection • Directory Traversal • Parameter Manipulation • Dynamic Web 2.0/AJAX Scanning • JavaScript static analysis (Browser Emulation) • Detects all forms of XSS (including DOM-based XSS) • Understands Web Services • Fully integrated into core scanning platform “58% of vulnerabilities affect Web applications” “73% of vulnerabilities are easily exploitable” Source: Symantec

  14. Database Scanning • Authenticated and unauthenticated scanning of database vulnerabilities • Audits database for • Security vulnerabilities • Configuration vulnerabilities • Operational vulnerabilities • General database vulnerability checks for a wide spectrum of databases “Database Servers represent 75% of all breached records” Source: Verizon

  15. Ronnie Blewer Sr. Product Manager ronnie_blewer@symantec.com
