Symantec Launches New IT Policy Compliance Offering

Customers provided automated assessment of deviations from IT controls standards and enhanced platform support

CUPERTINO, Calif. -- Aug. 2, 2006 -- Symantec Corp. today announced Symantec Control Compliance Suite, an upgrade to the bv-Control portfolio of products that helps customers reduce the cost and complexity of IT policy compliance through automated assessment of policies against industry regulations, standards, and best practices. Symantec Control Compliance Suite’s new data gathering functions such as agentless reporting and database discovery offer a comprehensive solution for IT control compliance reporting across disparate platforms, providing a cost-effective method for managing global IT risks.

More than 4,000 customers worldwide currently have Symantec Control Compliance Suite components installed, relying on these automated tools to efficiently govern their IT compliance posture by detecting drift from secure baselines, identifying accounts with blank passwords, and notifying the organization when administrative accounts receive new members.

Customers are offered unparalleled auditing capabilities with hundreds of ready-to-run reports using easy customization options and flexible audit creation in each environment to improve internal and external audits. IT administrators are able to be proactive in even the most resource-constrained environments by automating tasks enterprise-wide. This automated functionality helps to streamline compliance with such regulations as Sarbanes-Oxely, FISMA, or HIPAA, while dramatically reducing the costs of doing regular audits.

“As organizations continue to face stringent IT policy compliance requirements, Symantec is committed to helping customers define what they would like to be compliant to, control their IT environment to achieve compliance, and help them govern that compliance posture over time,” said Arshad Matin, vice president, compliance and security management, Symantec Corp. “Symantec Control Compliance Suite reduces costs associated with compliance by automating the management of deviations from technical standards and providing the ability to effectively remediate misconfigurations.”

Tracking compliance to IT controls related to important regulations and frameworks, Symantec Control Compliance Suite provides an efficient means to assess compliance to control systems based on custom mappings between technical standards and frameworks and regulations. Symantec Control Compliance Suite supplies regulatory content for Sarbanes-Oxley, FISMA, HIPAA, GLBA, Basel II, and framework content for ISO 17799, COBIT, and NIST SP800-53.

Symantec Control Compliance Suite allows customers to produce “Evidence of Review” reporting to facilitate management review of access controls as mandated by Sarbanes-Oxley and other regulations to prove that privilege grants conform to access needs. This is supplied through granular, detailed entitlement reports that show who has access to specific information, what each individual has access to, and who the business owner is for the data.

Customers are offered powerful closed-loop identification and resolution to find and eliminate security vulnerabilities. Symantec Control Compliance Suite provides detailed remediation instructions to correct deviations and integrates with existing change-control ticketing systems, such as Remedy and HP Service Desk, to ensure that changes are made only after appropriate authorization and with proper oversight.

In addition, IT administrators can establish baseline configurations for all major operating systems by creating a custom technical standard or building a reference template from pre-existing internal standards. Technical standards can be exported for archive and business continuity purposes. Technical Standard Packs are available for the following operating systems and applications: Windows, UNIX, Linux, NetWare, SQL Server, Oracle, and Exchange.

Symantec Control Compliance Suite 8.2 includes agentless UNIX reporting, Oracle patch assessment and database discovery, and reporting and database activity auditing on SQL Server 2005. In addition, customers are provided support for mobile devices connecting to Microsoft Exchange servers. It also integrates with Symantec BindView Policy Manager to provide proof of security configuration compliance with broader corporate policy.

Symantec Control Compliance Suite is a key component of Symantec’s IT Policy Compliance solution. The Symantec IT Policy Compliance solution offers customizable products and services designed to help customers define, control, and govern their IT compliance initiatives.

Licensing and Availability

Symantec Control Compliance Suite 8.2 is currently available through Symantec’s worldwide network of value-added resellers, distributors and systems integrators. Organizations seeking a reseller or distributor should contact Symantec at http://enterprisesecurity.symantec.com.

About Symantec

Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at http://www.symantec.com.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Must Read Articles