Press Release

Symantec Introduces Centralized, Open Information Security Management

The Symantec Security Management System Provides a Comprehensive View of Security, Enabling Proactive Defense and Real-Time Enterprise-Wide Response

CUPERTINO, Calif. – Oct. 1, 2002 - Symantec Corp. (NASDAQ: SYMC), the world leader in Internet security, today announced the Symantec Security Management System, a comprehensive set of management applications that improves the effectiveness of the information security environment by delivering proactive control of the security infrastructure and correlated information for better decision-making.

"The primary challenges our customers face are managing their complex security infrastructure and the overwhelming data flow created by all the security devices they've deployed," said Gail Hamilton, executive vice president, Symantec Corp. "Symantec's approach is to provide open policy and incident management capabilities that allow users to proactively secure their network against known threats and to respond in real-time against new attacks."

The Need for A Comprehensive View of Security Posture
Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors lacking integration and interoperability. The result is a high degree of complexity and increased operational costs, and reliance on isolated security data to make critical security decisions. For a majority of enterprises, the outcome is a weak security risk profile – an insecure business infrastructure, incomplete regulation compliance, security audit failures and soaring security management costs – that is not in line with business requirements.

Making it more difficult, protection products throughout the enterprise scan systems and network traffic and send messages on every suspicious activity. Each message is termed a security event, and nearly 10 million occur each month in organizations of even moderate size. An event may be anything from a malformed or over-length network packet, potentially indicating a buffer-overflow attack, to a failed login on a computer that may be critical or relatively insignificant. Taken individually, it is difficult to determine if a given event indicates trouble or not.

An incident is an event or condition that requires a response and closure. Active attacks or virus outbreaks are incidents that are usually comprised of one or more events. Known system vulnerabilities or discovered policy violations should also be treated as incidents that require a response. However, the challenge is sorting through the millions of events to find the incidents in time to take action.

"The biggest challenge we face on a day-to-day basis is the volume of events on our network," said Phil Tyler, operational security consultant, Avnet. "The components of the Symantec Security Management System that we've deployed position us for a complete view of our security posture in real time, in one console, so that we can react quickly and effectively to actual security alerts."

Today's CIOs and CISOs are also under intense pressure when it comes to security. In addition to higher expectations from customers, investors and the general public with regard to regulatory requirements, legal liability and fiduciary responsibility, the increased complexity and number of attacks are causing greater damage. These pressures drive the need for a comprehensive approach to security management.

About The Symantec Security Management System
The Symantec Security Management System helps CIOs and CISOs answer questions such as "How secure am I?", "Where should I focus my resources?" and "Am I doing everything I can to protect my enterprise?" The Symantec Security Management System is comprised of multiple components for customers to select and deploy the right set of security management applications unique to their individual business objectives.

The three key components of the Symantec Security Management System are Symantec Event Managers, Symantec Incident Manager and Symantec ESM for policy compliance.

Symantec Event Managers
For enterprise customers who want a complete view of security events for just a specific area of protection, Symantec introduces Symantec Event Manager for Anti-Virus and Symantec Event Manager for Firewall. These Event Managers consolidate data from Symantec's and other vendors' protection solutions to provide the customer with a complete view of virus and firewall events. Customers can collect data from third-party vendor security products including Network Associates antivirus data and Check Point firewalls. Additional event collectors are expected to be available in the December quarter.

Symantec is working with third-party vendors to create collectors through a partner program, to be formally announced in the first quarter of 2003. Early adopters of this program currently include TippingPoint, which develops active network-defense systems, and Entercept, which develops intrusion prevention software. TippingPoint and Entercept are scheduled to make event collectors for their products available in the December 2002 quarter. (See separate Partner Release, October 1.)

Symantec Incident Manager
For enterprise customers with large networks yielding massive amounts of security events on a daily basis, there is a greater need for a real-time aggregated and correlated view of security data across network tiers and security technologies. Symantec Incident Manager provides open, real-time incident management that helps enterprises maximize the value of their security technologies, and identify and respond rapidly to security breaches.

Symantec Incident Manager identifies, consolidates and correlates security events from multiple point products and security technologies from a variety of vendors. Symantec Incident Manager analyzes and correlates events to identify incidents, then tracks the resolution of each one to closure. It also allows for the customized setting of incident priorities based on the severity of the impact to business and dynamically adjusts those priorities through each incident's lifecycle.

Once an incident is identified, Symantec Incident Manager provides expert guidance tailored to the specific incident characteristics. Guidance is based on the SANS/CERT incident response framework, an acknowledged best-practices framework. Guidance works in tandem with customer-specific policy controls to help security personnel resolve incidents quickly and effectively. The guidance provided by the system also helps security personnel give clear and complete instructions to the broader IT staff as they direct their activities to resolve each incident.

Symantec Incident Manager also employs a powerful risk analysis engine that determines the impact of each incident based on the relative confidentiality, integrity and availability rating of each asset in the system. The risk analysis engine takes into account what actions have been taken to resolve an incident and dynamically balances the priority of each incident compared to all open incidents. This allows staff to focus resources on resolving the most critical incidents first.

Symantec Incident Manager issues alerts and notifications throughout the lifecycle of an incident. It notifies security personnel when an incident is first detected and constantly monitors the progress being made to resolve each incident. It issues alerts in advance of Security-Level Agreement (SLA) deadlines, implemented by many organizations, which require a response for each of these phases within a specified time.

In addition, Symantec Incident Manager records every action taken to identify and resolve an incident, and generates reports that not only illustrate the type and severity of threats, but also measure the effectiveness of the organization's response. This is an invaluable resource for both meeting audit requirements and improving response procedures.

Further, Symantec Incident Manager is backed by Symantec Security Response, which describes known vulnerabilities and serves as a reference to guide staff as they identify and resolve incidents. This valuable intellectual property includes a comprehensive database of new signatures, vulnerabilities, safeguards and response guidance, and is regularly updated from the largest and most comprehensive collection of security intelligence available.

Symantec is also creating third-party relays so that information can flow easily from the Symantec Security Management System to other network and system management products. A relay component for IBM Tivoli Risk Manager, including the Tivoli Enterprise Console, will be available in the December quarter.

"IBM and Symantec share a common mission to manage security across our customers' complex, multi-vendor environments," said Arvind Krishna, vice president of security products, Tivoli Software, IBM. "Through integration between Tivoli and Symantec software products, IBM can continue to provide the automated, self-protecting security management infrastructure our joint customers expect."

Symantec ESM
For enterprise customers who are looking for a more comprehensive approach to security management, Symantec ESM, an industry-leading security policy compliance and vulnerability management solution, can be integrated with Symantec Incident Manager to track the resolution of identified policy non-compliance incidents to closure. As a stand-alone security application, Symantec ESM enables enterprises to create customized security policies and manage policy compliance in mission critical business applications and servers across a heterogeneous enterprise from a single location. Together, Symantec Incident Manager and Symantec ESM provide a coordinated, comprehensive approach to managing the security posture across the enterprise.

When integrated with Symantec Incident Manager, Symantec ESM adds important capabilities to identify and resolve policy non-compliance issues and eliminate vulnerabilities. As discussed above, any identified vulnerability or non-compliance condition can be treated as an incident within the context of Symantec Incident Manager.

About Symantec Enterprise Security Architecture
The Symantec Security Management System components are built in compliance with Symantec Enterprise Security Architecture, which provides a standards-based interoperability framework for Symantec and third-party solutions to work together to provide secure, manageable, and scalable enterprise security. Customer environments are heterogeneous and often contain security products from many vendors. Therefore, an interoperable architecture is a critical enabler to enterprises that need strong security and centralized management.

Symantec Event Manager for Anti-Virus is scheduled to be available in late October and Symantec Event Manager for Firewall is scheduled to be available in December. Both will be available through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators. Symantec Incident Manager is scheduled to be available in late October from Symantec and will initially be sold through select Symantec value-added systems integrators and authorized resellers. Broader availability is expected at a later date. Symantec ESM is currently available through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators. Organizations can be connected with Symantec resellers or distributors in their areas by visiting the Symantec Solution Provider locator at http://www.symantec.com/partners/partners_frames.html.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

FORWARD LOOKING STATEMENT: This press release contains forward-looking statements, including forecasts of future revenue and earnings per share, expected industry patterns, and other financial and business results that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to differ materially from results expressed or implied by this press release. Such risk factors include, among others: the sustainability of recent growth rates, particularly in consumer products; whether certain market segments, particularly enterprise security, grow as anticipated; the positioning of Symantec's products in those segments; the competitive environment in the software industry; ability to integrate acquired companies and technology; ability to retain key employees; ability to successfully combine product offerings and customer acceptance of combined products; general market conditions, fluctuations in currency exchange rates, changes to operating systems and product strategy by vendors of operating systems; and whether Symantec can successfully develop new products and the degree to which these gain market acceptance. Actual results may differ materially from those contained in the forward-looking statements in this press release. Additional information concerning these and other risk factors is contained in the Risk Factors sections of Symantec’s previously filed Form 10-K and Form 10-Q.