SlideShare ist ein Scribd-Unternehmen logo
1 von 20
Downloaden Sie, um offline zu lesen
Introducing Symantec
    Control Compliance Suite 10.0

    April 13, 2010


Symantec Control Compliance Suite 10.0   1
Agenda

          1       Symantec Vision for IT GRC


          2       Introducing Control Compliance Suite 10.0




Symantec Control Compliance Suite 10.0                        2
A Holistic Approach to IT Governance, Risk
Management, Compliance and Security

           Policy Driven Governance, Risk Management & Compliance


                   Protect Infrastructure                     Protect Information
                             ENDPOINT                                 DISCOVERY
                             NETWORK
                                                              DATA LOSS PREVENTION
                            MESSAGING
                                                                      ENCRYPTION
                                 WEB
                  NETWORK ACCESS CONTROL                        DATA PROTECTION

                                         Risk-Prioritized Remediation


                                    Effective Systems Management
            Discover           Inventory      Configure   Provision      Patch     Report
                               Workflow                                  CMDB



Symantec Control Compliance Suite 10.0                                                      3
Enterprise Governance, Risk & Compliance – Key
Concerns

                Security Risks                                            Regulatory / Audit Compliance

 • Increasing Sophistication of Threats                                 • Frequency of Assessments
 • Changing Infrastructure & Configurations                             • Internal and External Audit
 • Increasing Regulatory Mandates                                       • Reporting to Multiple Constituencies




                                            Security & Compliance Costs

                                         • Overlapping matrix control objectives
                                         • Manual assessment of controls
                                         • Scale & Diversity of Environment



Symantec Control Compliance Suite 10.0                                                                           4
Introducing Control Compliance Suite 10.0



Symantec Control Compliance Suite 10.0          5
IT GRC is a Complex Problem that Spans the
Enterprise…
                                  TECHNICAL CONTROLS

                                 Automatically identify
                                deviations from technical
                                        standards
                                    Identify critical
                                     vulnerabilities



       POLICY                    PROCEDURAL CONTROLS              REPORT                  REMEDIATE
  Define and manage                                          Gather results in one
                                  Replace paper-based        central repository      Remediate deficiencies
  policies for multiple
                                 surveys with web-based      and deliver                based on risk with
 mandates with out-of-
                                    questionnaires to        dynamic web-based        integration to popular
the-box policy content.
                                 evaluate if polices were    dashboards and              ticketing systems
Map policies to control
      statements.                 read and understood        reports



                                            DATA
                                          CONTROLS
                                 Tight integration with                                  3rd PARTY DATA
                                    DLP to prioritize
                                    assessment and                                          Combine
                                  remediation of assets                                  evidence from
                                 based on value of data           EVIDENCE              multiple sources
                                                                                          and map to
                                                                                            policies
                                                            ASSETS       CONTROLS


 Symantec Control Compliance Suite 10.0                                                                   6
Symantec Control Compliance Suite 10.0
                                 TECHNICAL CONTROLS



                                 CCS Standards
                                   Manager
                                CCS Vulnerability
                                   Manager


      POLICY                    PROCEDURAL CONTROLS        REPORT           REMEDIATE



  CCS Policy                     CCS Response               CCS
                                                                            Symantec
   Manager                        Assessment           Infrastructure
                                                                           Service Desk
                                   Manager


                                           DATA
                                         CONTROLS
                                                                              3rd PARTY
                                                                              EVIDENCE


                                   DLP Discover
                                                          EVIDENCE              CCS
                                                                           Infrastructure
                                                      ASSETS    CONTROLS


Symantec Control Compliance Suite 10.0                                                    7
Control Compliance Suit– A Holistic, Integrated Solution

                                  TECHNICAL CONTROLS




       POLICY                    PROCEDURAL CONTROLS        REPORT          REMEDIATE




                                            DATA
                                          CONTROLS
                                                                             3rd PARTY
                                                                             EVIDENCE



                                                           EVIDENCE


                                                       ASSETS    CONTROLS


 Symantec Control Compliance Suite 10.0                                                  8
Symantec Control Compliance Suite 10.0 – New Features


                CCS Vulnerability Manager


                Web-Based Dynamic
                Dashboards


                Integration with Data Loss
                Prevention


                3rd Party Evidence
                Automation



 Symantec Control Compliance Suite 10.0             9
Thank you!




    Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
    the U.S. and other countries. Other names may be trademarks of their respective owners.

    This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
    are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Symantec Control Compliance Suite 10.0                                                                                                                                                      10
Appendix



Symantec Control Compliance Suite 10.0   11
Control Compliance Suite Vulnerability Manager


   • Broadest and most accurate network
     scanning
   • Most accurate Web application and
     database scanning
   • Correlates vulnerabilities across
     multiple IT tiers
   • Categorize and prioritize vulnerability
     exposure
   • Superior risk assessment
   • Superior scalability and performance




  Symantec Control Compliance Suite 10.0         12
Network and Operating Systems Coverage


  • More than 54,000 checks across
    14,000+ vulnerabilities
  • High performance agent-less scanning
  • Updated vulnerability checks within
    24 hours of Microsoft Patch Tuesday
  • Supports Red Hat Enterprise Linux
  • Supports:
         •   Adobe Flash and Adobe Reader
         •   Cisco IOS
         •   Mozilla Firefox
         •   Solaris
         •   SunJVM
         •   Unix



 Symantec Control Compliance Suite 10.0     13
Web Application and Database Scanning


  • Vulnerability detection for AJAX and
    Web 2.0 applications                     “58% of vulnerabilities affect
  • Scans all forms of Web vulnerabilities       Web applications”
    including all flavors of SQL injection
                                              “73% of vulnerabilities are
    and cross-site scripting                     easily exploitable”
  • Vulnerability content for 5 most                Source: Symantec
    popular databases:
         •   MySQL
         •   Sybase
         •   Informix                        “Database Servers represent
         •   Oracle                          75% of all breached records”
         •   PostgreSQL
                                                     Source: Verizon




 Symantec Control Compliance Suite 10.0                                       14
Web-Based Dynamic Dashboards


  • Easy sharing of information
         • Web delivery
         • Print and export dashboards
  • Enhanced analytics
         • Drill down into panel data
         • Multiple panels in a single
           view
         • Page crosslink views for
           additional information




 Symantec Control Compliance Suite 10.0   15
Web-Based Dynamic Dashboards


 • More customizable and
   flexible
     • User definable panels are
       visualizations of KPIs
     • Customizable dashboards
       contain multiple panels
     • Variable panel sizing
     • Maximize a panel
     • Layout, filters persisted




 Symantec Control Compliance Suite 10.0   16
Integration with Symantec Data Loss Prevention


 • DLP Discovery identifies assets for
   compliance assessment
 • Create an asset group by tagging
   assets with most sensitive
   information
 • Prioritize these assets for
   technical control evaluations and
   elevate hardening measures
 • Show data leakage information
   side-by-side with CCS data




 Symantec Control Compliance Suite 10.0          17
Content-Aware Technical Controls
Discovery

                                          3       Send incident and asset info

                                                           New
                                                          in v10




                                                             4     Scans assets to assess
             2                                                      server hardening and
    Crack Content and                                                    compliance
     Record Incidents
                                                                                                Monitor assets for
                                                                                            5
                                                                                                correlated events



                                                                                                SSIM
                                              1 Scan and Retrieve Data
                                                                             Servers with
                                                                             HIPAA data




 Symantec Control Compliance Suite 10.0
                                                                                                                     18
Integrated Compliance Reporting


                                  1       Send incident and asset info




                                                                            2     Map incidents to
                                                                                regulations & policies




                                            4
                                                 Consolidate info on both
                                                  DLP policy violations
                                                 and compliance data in         3      Measure and report on
                                                    dashboard views                   compliance to regulatory
                                                                                          requirements

 Symantec Control Compliance Suite 10.0
                                                                                                                 19
External Evidence System


• Add, edit, delete external
  evidence providers
• Define controls based on
  external evidence
• Third party evidence
  available in content studio
  (Identified by Source)
• Enables mapping to control
  statements




Symantec Control Compliance Suite 10.0   20

Weitere ähnliche Inhalte

Was ist angesagt?

Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesTuan Phan
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframeArun Gopinath
 
AccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceAccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceStephen Tsuchiyama
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTuan Phan
 
TA security
TA securityTA security
TA securitykesavars
 
Getting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for cspGetting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for cspTuan Phan
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedIgnyte Assurance Platform
 
FedRAMP 3PAO Training
FedRAMP 3PAO Training FedRAMP 3PAO Training
FedRAMP 3PAO Training 1ECG
 
Educause+V4
Educause+V4Educause+V4
Educause+V4ecarrow
 
BMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareBMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareMike Rizzo
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
Implementing FISMA Moderate Applications on AWS
Implementing FISMA Moderate Applications on AWSImplementing FISMA Moderate Applications on AWS
Implementing FISMA Moderate Applications on AWSAmazon Web Services
 
Federal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP)Federal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP)GovCloud Network
 

Was ist angesagt? (20)

Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframe
 
AccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceAccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC Convergence
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Barqa Edinburgh Final
Barqa Edinburgh FinalBarqa Edinburgh Final
Barqa Edinburgh Final
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
TrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security AuthorizationTrustedAgent FedRAMP Security Authorization
TrustedAgent FedRAMP Security Authorization
 
TA security
TA securityTA security
TA security
 
Getting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for cspGetting started on fed ramp sec auth for csp
Getting started on fed ramp sec auth for csp
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
 
FedRAMP 3PAO Training
FedRAMP 3PAO Training FedRAMP 3PAO Training
FedRAMP 3PAO Training
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
 
BMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareBMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/Malware
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP Drupal
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
 
Implementing FISMA Moderate Applications on AWS
Implementing FISMA Moderate Applications on AWSImplementing FISMA Moderate Applications on AWS
Implementing FISMA Moderate Applications on AWS
 
Federal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP)Federal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP)
 

Ähnlich wie Control Compliance Suite 10

Mms201 Optimize Your Server Infrastructure
Mms201 Optimize Your Server InfrastructureMms201 Optimize Your Server Infrastructure
Mms201 Optimize Your Server Infrastructureguestd9aa5
 
TechNet Live spor 2 sesjon 4 - sc-forefront
TechNet Live spor 2   sesjon 4 - sc-forefrontTechNet Live spor 2   sesjon 4 - sc-forefront
TechNet Live spor 2 sesjon 4 - sc-forefrontAnders Borchsenius
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Ta Security
Ta SecurityTa Security
Ta Securityjothsna
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid ThemSasha Nunke
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM SystemAna Meskovska
 
Day 2 p1 - operate simply
Day 2   p1 - operate simplyDay 2   p1 - operate simply
Day 2 p1 - operate simplyLilian Schaffer
 
Day 2 p1 - operate simply
Day 2   p1 - operate simplyDay 2   p1 - operate simply
Day 2 p1 - operate simplyLilian Schaffer
 
Cloud Computing for Developers and Architects - QCon 2008 Tutorial
Cloud Computing for Developers and Architects - QCon 2008 TutorialCloud Computing for Developers and Architects - QCon 2008 Tutorial
Cloud Computing for Developers and Architects - QCon 2008 TutorialStuart Charlton
 
Securing Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionSecuring Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionLumension
 
Corporate Presentation
Corporate PresentationCorporate Presentation
Corporate PresentationArul Nambi
 
2012-12-12 Seminar McAfee Risk Management
2012-12-12 Seminar McAfee Risk Management2012-12-12 Seminar McAfee Risk Management
2012-12-12 Seminar McAfee Risk ManagementPinewood
 
Trak Sys Presentation Mfg
Trak Sys Presentation MfgTrak Sys Presentation Mfg
Trak Sys Presentation Mfgwondergt
 
分会场九Altiris终端管理套件和服务器管理套件现在及远景
分会场九Altiris终端管理套件和服务器管理套件现在及远景分会场九Altiris终端管理套件和服务器管理套件现在及远景
分会场九Altiris终端管理套件和服务器管理套件现在及远景ITband
 
Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationIBM Danmark
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010prevalentnetworks
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 

Ähnlich wie Control Compliance Suite 10 (20)

Mms201 Optimize Your Server Infrastructure
Mms201 Optimize Your Server InfrastructureMms201 Optimize Your Server Infrastructure
Mms201 Optimize Your Server Infrastructure
 
TechNet Live spor 2 sesjon 4 - sc-forefront
TechNet Live spor 2   sesjon 4 - sc-forefrontTechNet Live spor 2   sesjon 4 - sc-forefront
TechNet Live spor 2 sesjon 4 - sc-forefront
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
Dev ops intro
Dev ops  introDev ops  intro
Dev ops intro
 
Ta Security
Ta SecurityTa Security
Ta Security
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM System
 
Day 2 p1 - operate simply
Day 2   p1 - operate simplyDay 2   p1 - operate simply
Day 2 p1 - operate simply
 
Day 2 p1 - operate simply
Day 2   p1 - operate simplyDay 2   p1 - operate simply
Day 2 p1 - operate simply
 
Cloud Computing for Developers and Architects - QCon 2008 Tutorial
Cloud Computing for Developers and Architects - QCon 2008 TutorialCloud Computing for Developers and Architects - QCon 2008 Tutorial
Cloud Computing for Developers and Architects - QCon 2008 Tutorial
 
Securing Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionSecuring Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data Protection
 
Corporate Presentation
Corporate PresentationCorporate Presentation
Corporate Presentation
 
2012-12-12 Seminar McAfee Risk Management
2012-12-12 Seminar McAfee Risk Management2012-12-12 Seminar McAfee Risk Management
2012-12-12 Seminar McAfee Risk Management
 
Trak Sys Presentation Mfg
Trak Sys Presentation MfgTrak Sys Presentation Mfg
Trak Sys Presentation Mfg
 
BMC - Automation
BMC - AutomationBMC - Automation
BMC - Automation
 
分会场九Altiris终端管理套件和服务器管理套件现在及远景
分会场九Altiris终端管理套件和服务器管理套件现在及远景分会场九Altiris终端管理套件和服务器管理套件现在及远景
分会场九Altiris终端管理套件和服务器管理套件现在及远景
 
Decoding SDN
Decoding SDNDecoding SDN
Decoding SDN
 
Sådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig informationSådan undgår du misbrug af kundedata og fortrolig information
Sådan undgår du misbrug af kundedata og fortrolig information
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0
 

Mehr von Symantec

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 

Mehr von Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Kürzlich hochgeladen

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 

Kürzlich hochgeladen (20)

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 

Control Compliance Suite 10

  • 1. Introducing Symantec Control Compliance Suite 10.0 April 13, 2010 Symantec Control Compliance Suite 10.0 1
  • 2. Agenda 1 Symantec Vision for IT GRC 2 Introducing Control Compliance Suite 10.0 Symantec Control Compliance Suite 10.0 2
  • 3. A Holistic Approach to IT Governance, Risk Management, Compliance and Security Policy Driven Governance, Risk Management & Compliance Protect Infrastructure Protect Information ENDPOINT DISCOVERY NETWORK DATA LOSS PREVENTION MESSAGING ENCRYPTION WEB NETWORK ACCESS CONTROL DATA PROTECTION Risk-Prioritized Remediation Effective Systems Management Discover Inventory Configure Provision Patch Report Workflow CMDB Symantec Control Compliance Suite 10.0 3
  • 4. Enterprise Governance, Risk & Compliance – Key Concerns Security Risks Regulatory / Audit Compliance • Increasing Sophistication of Threats • Frequency of Assessments • Changing Infrastructure & Configurations • Internal and External Audit • Increasing Regulatory Mandates • Reporting to Multiple Constituencies Security & Compliance Costs • Overlapping matrix control objectives • Manual assessment of controls • Scale & Diversity of Environment Symantec Control Compliance Suite 10.0 4
  • 5. Introducing Control Compliance Suite 10.0 Symantec Control Compliance Suite 10.0 5
  • 6. IT GRC is a Complex Problem that Spans the Enterprise… TECHNICAL CONTROLS Automatically identify deviations from technical standards Identify critical vulnerabilities POLICY PROCEDURAL CONTROLS REPORT REMEDIATE Define and manage Gather results in one Replace paper-based central repository Remediate deficiencies policies for multiple surveys with web-based and deliver based on risk with mandates with out-of- questionnaires to dynamic web-based integration to popular the-box policy content. evaluate if polices were dashboards and ticketing systems Map policies to control statements. read and understood reports DATA CONTROLS Tight integration with 3rd PARTY DATA DLP to prioritize assessment and Combine remediation of assets evidence from based on value of data EVIDENCE multiple sources and map to policies ASSETS CONTROLS Symantec Control Compliance Suite 10.0 6
  • 7. Symantec Control Compliance Suite 10.0 TECHNICAL CONTROLS CCS Standards Manager CCS Vulnerability Manager POLICY PROCEDURAL CONTROLS REPORT REMEDIATE CCS Policy CCS Response CCS Symantec Manager Assessment Infrastructure Service Desk Manager DATA CONTROLS 3rd PARTY EVIDENCE DLP Discover EVIDENCE CCS Infrastructure ASSETS CONTROLS Symantec Control Compliance Suite 10.0 7
  • 8. Control Compliance Suit– A Holistic, Integrated Solution TECHNICAL CONTROLS POLICY PROCEDURAL CONTROLS REPORT REMEDIATE DATA CONTROLS 3rd PARTY EVIDENCE EVIDENCE ASSETS CONTROLS Symantec Control Compliance Suite 10.0 8
  • 9. Symantec Control Compliance Suite 10.0 – New Features CCS Vulnerability Manager Web-Based Dynamic Dashboards Integration with Data Loss Prevention 3rd Party Evidence Automation Symantec Control Compliance Suite 10.0 9
  • 10. Thank you! Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Symantec Control Compliance Suite 10.0 10
  • 12. Control Compliance Suite Vulnerability Manager • Broadest and most accurate network scanning • Most accurate Web application and database scanning • Correlates vulnerabilities across multiple IT tiers • Categorize and prioritize vulnerability exposure • Superior risk assessment • Superior scalability and performance Symantec Control Compliance Suite 10.0 12
  • 13. Network and Operating Systems Coverage • More than 54,000 checks across 14,000+ vulnerabilities • High performance agent-less scanning • Updated vulnerability checks within 24 hours of Microsoft Patch Tuesday • Supports Red Hat Enterprise Linux • Supports: • Adobe Flash and Adobe Reader • Cisco IOS • Mozilla Firefox • Solaris • SunJVM • Unix Symantec Control Compliance Suite 10.0 13
  • 14. Web Application and Database Scanning • Vulnerability detection for AJAX and Web 2.0 applications “58% of vulnerabilities affect • Scans all forms of Web vulnerabilities Web applications” including all flavors of SQL injection “73% of vulnerabilities are and cross-site scripting easily exploitable” • Vulnerability content for 5 most Source: Symantec popular databases: • MySQL • Sybase • Informix “Database Servers represent • Oracle 75% of all breached records” • PostgreSQL Source: Verizon Symantec Control Compliance Suite 10.0 14
  • 15. Web-Based Dynamic Dashboards • Easy sharing of information • Web delivery • Print and export dashboards • Enhanced analytics • Drill down into panel data • Multiple panels in a single view • Page crosslink views for additional information Symantec Control Compliance Suite 10.0 15
  • 16. Web-Based Dynamic Dashboards • More customizable and flexible • User definable panels are visualizations of KPIs • Customizable dashboards contain multiple panels • Variable panel sizing • Maximize a panel • Layout, filters persisted Symantec Control Compliance Suite 10.0 16
  • 17. Integration with Symantec Data Loss Prevention • DLP Discovery identifies assets for compliance assessment • Create an asset group by tagging assets with most sensitive information • Prioritize these assets for technical control evaluations and elevate hardening measures • Show data leakage information side-by-side with CCS data Symantec Control Compliance Suite 10.0 17
  • 18. Content-Aware Technical Controls Discovery 3 Send incident and asset info New in v10 4 Scans assets to assess 2 server hardening and Crack Content and compliance Record Incidents Monitor assets for 5 correlated events SSIM 1 Scan and Retrieve Data Servers with HIPAA data Symantec Control Compliance Suite 10.0 18
  • 19. Integrated Compliance Reporting 1 Send incident and asset info 2 Map incidents to regulations & policies 4 Consolidate info on both DLP policy violations and compliance data in 3 Measure and report on dashboard views compliance to regulatory requirements Symantec Control Compliance Suite 10.0 19
  • 20. External Evidence System • Add, edit, delete external evidence providers • Define controls based on external evidence • Third party evidence available in content studio (Identified by Source) • Enables mapping to control statements Symantec Control Compliance Suite 10.0 20