Symantec Control Compliance Suite 10.0 is a holistic, fully-automated solution to manage all aspects of IT risk and compliance. It is expected to provide even greater visibility into an organization’s security and compliance posture while still lowering compliance cost and complexity.
Control Compliance Suite 10
1. Introducing Symantec Control Compliance Suite 10.0
April 13, 2010
Symantec Control Compliance Suite 10.0 1
2. Agenda
1 Symantec Vision for IT GRC
2 Introducing Control Compliance Suite 10.0
3. A Holistic Approach to IT Governance, Risk Management, Compliance and Security
Policy Driven Governance, Risk Management & Compliance
Protect Infrastructure
• ENDPOINT
• NETWORK
• MESSAGING
• WEB
• NETWORK ACCESS CONTROL
Protect Information
• DISCOVERY
• DATA LOSS PREVENTION
• ENCRYPTION
• DATA PROTECTION
Risk-Prioritized Remediation
Effective Systems Management
• Discover, Inventory, Configure, Provision, Patch, Report
• Workflow, CMDB
4. Enterprise Governance, Risk & Compliance – Key Concerns
Security Risks
• Increasing Sophistication of Threats
• Changing Infrastructure & Configurations
• Increasing Regulatory Mandates
Regulatory / Audit Compliance
• Frequency of Assessments
• Internal and External Audit
• Reporting to Multiple Constituencies
Security & Compliance Costs
• Overlapping matrix control objectives
• Manual assessment of controls
• Scale & Diversity of Environment
6. IT GRC is a Complex Problem that Spans the Enterprise…
TECHNICAL CONTROLS
• Automatically identify deviations from technical standards
• Identify critical vulnerabilities
POLICY
• Define and manage policies for multiple mandates with out-of-the-box policy content. Map policies to control statements.
PROCEDURAL CONTROLS
• Replace paper-based surveys with web-based questionnaires to evaluate if policies were read and understood
REPORT
• Gather results in one central repository and deliver dynamic web-based dashboards and reports
REMEDIATE
• Remediate deficiencies based on risk with integration to popular ticketing systems
DATA CONTROLS
• Tight integration with DLP to prioritize assessment and remediation of assets based on value of data
3rd PARTY DATA
• Combine evidence from multiple sources and map to policies
EVIDENCE
ASSETS CONTROLS
7. Symantec Control Compliance Suite 10.0
TECHNICAL CONTROLS
• CCS Standards Manager
• CCS Vulnerability Manager
POLICY
• CCS Policy Manager
PROCEDURAL CONTROLS
• CCS Response Assessment Manager
REPORT
• CCS Infrastructure
REMEDIATE
• Symantec Service Desk
DATA CONTROLS
• DLP Discover
3rd PARTY EVIDENCE
• CCS Infrastructure
EVIDENCE
ASSETS CONTROLS
8. Control Compliance Suite – A Holistic, Integrated Solution
TECHNICAL CONTROLS
POLICY PROCEDURAL CONTROLS REPORT REMEDIATE
DATA
CONTROLS
3rd PARTY
EVIDENCE
EVIDENCE
ASSETS CONTROLS
9. Symantec Control Compliance Suite 10.0 – New Features
• CCS Vulnerability Manager
• Web-Based Dynamic Dashboards
• Integration with Data Loss Prevention
• 3rd Party Evidence Automation
12. Control Compliance Suite Vulnerability Manager
• Broadest and most accurate network scanning
• Most accurate Web application and database scanning
• Correlates vulnerabilities across multiple IT tiers
• Categorize and prioritize vulnerability exposure
• Superior risk assessment
• Superior scalability and performance
13. Network and Operating Systems Coverage
• More than 54,000 checks across 14,000+ vulnerabilities
• High performance agent-less scanning
• Updated vulnerability checks within 24 hours of Microsoft Patch Tuesday
• Supports Red Hat Enterprise Linux
• Supports:
  • Adobe Flash and Adobe Reader
  • Cisco IOS
  • Mozilla Firefox
  • Solaris
  • SunJVM
  • Unix
14. Web Application and Database Scanning
• Vulnerability detection for AJAX and Web 2.0 applications
• Scans all forms of Web vulnerabilities including all flavors of SQL injection and cross-site scripting
• Vulnerability content for 5 most popular databases:
  • MySQL
  • Sybase
  • Informix
  • Oracle
  • PostgreSQL
“58% of vulnerabilities affect Web applications”
“73% of vulnerabilities are easily exploitable”
Source: Symantec
“Database Servers represent 75% of all breached records”
Source: Verizon
15. Web-Based Dynamic Dashboards
• Easy sharing of information
• Web delivery
• Print and export dashboards
• Enhanced analytics
• Drill down into panel data
• Multiple panels in a single view
• Page crosslink views for additional information
16. Web-Based Dynamic Dashboards
• More customizable and flexible
• User definable panels are visualizations of KPIs
• Customizable dashboards contain multiple panels
• Variable panel sizing
• Maximize a panel
• Layout, filters persisted
17. Integration with Symantec Data Loss Prevention
• DLP Discovery identifies assets for compliance assessment
• Create an asset group by tagging assets with most sensitive information
• Prioritize these assets for technical control evaluations and elevate hardening measures
• Show data leakage information side-by-side with CCS data
18. Content-Aware Technical Controls
1 Scan and Retrieve Data
2 Crack Content and Record Incidents
3 Send incident and asset info
4 Scans assets to assess server hardening and compliance
5 Monitor assets for correlated events
Diagram labels: Discovery; SSIM; Servers with HIPAA data; New in v10
19. Integrated Compliance Reporting
1 Send incident and asset info
2 Map incidents to regulations & policies
3 Measure and report on compliance to regulatory requirements
4 Consolidate info on both DLP policy violations and compliance data in dashboard views
20. External Evidence System
• Add, edit, delete external evidence providers
• Define controls based on external evidence
• Third party evidence available in content studio (Identified by Source)
• Enables mapping to control statements