
Welcome to the Family - Symantec Control Compliance Suite Vulnerability Manager

Created: 18 Nov 2010 | 12 comments
Guido Sanchidrian's picture

Symantec recently launched a new member of the Control Compliance Suite family: Symantec Control Compliance Suite Vulnerability Manager (CCS VM). This new product helps you answer questions such as: Which databases, servers and network devices are vulnerable to hacker attacks? Which Web applications are exposed to SQL injection and cross-site scripting threats? Which unmanaged devices pose a security risk to your critical systems? Which vulnerabilities should receive the highest priority for remediation efforts?

How does this product work? First of all, it scans host operating systems, databases and Web applications (including AJAX and Web 2.0 applications) for vulnerabilities, using a unique vulnerability chaining mechanism to identify cumulative risks and attack vectors. As of today, CCS VM provides scanning for more than 54,000 regularly updated vulnerability checks across 14,000+ vulnerabilities. It includes vulnerability content for the most popular database management systems, including MS SQL, IBM DB2, MySQL, Sybase, Informix, Oracle, PostgreSQL and others. The agent-less, native 64-bit scan engine provides high-performance scanning for faster results. In addition, a risk scoring algorithm provides insight into whether or not a vulnerability is exploitable.
 
For Microsoft in particular, CCS VM receives updated vulnerability checks within 24 hours of Microsoft Patch Tuesday. It includes checks for Red Hat Enterprise Linux patches and provides coverage for other applications and platforms, for example Adobe Flash & Reader, Cisco IOS, Mozilla Firefox, Solaris, Sun JVM, etc.

Last but not least, it is highly scalable via distributed scan engine architecture, and contains an open, standards-based integration API.

In summary, CCS VM is a comprehensive expert technology. It scans the entire Web application, database and operating system stack for vulnerabilities, includes a mechanism for vulnerability “chaining” that enables detection of hidden vulnerabilities, and confirms whether exploits actually exist or not.

So why does vulnerability management matter? The answer is simple: investing in automating vulnerability management just pays. The recently published research by the IT Policy Compliance Group clearly shows that automating the procedures to find and fix vulnerabilities and unknown exploits in IT systems:
- Reduces unexpected business downtime from IT disruptions
- Reduces the likelihood of data loss or theft
- Contributes to reductions in security and audit deficiencies in IT
- Is justified, with returns easily exceeding 150 percent annually

You can get more information about it from the attached 2-page summary of the report, or get a full copy of this and related reports from the IT Policy Compliance Group website: www.itpolicycompliance.com.

Feel free to contact me with any further questions.

12 Comments

SwarnaSharpa's picture

This information was really helpful for me. I would like to know more about how to install this tool on a 32-bit OS as trialware, so that I will just have a brief regarding usage of the tool.

VKalani's picture

I think you can get it from the Symantec website, under the products section...

-VKalani

SwarnaSharpa's picture

I got the 64-bit version from the website :-( and after that I searched a lot but didn't get the 32-bit version. Can you please suggest any resource with whom I can ask my queries?

SwarnaSharpa's picture

Thanks a lot. I think these links will be very helpful for me.

Spinal's picture

Thanks - a question...

How does licensing work? Is it per IP address?

If so, is there a discovery license to monitor all the unused IP addresses in the network?

i.e. in a subnet with 254 possible hosts, only 4 hosts are connected. Hence, a 4-license pack will suffice to scan those 4 hosts... what about the other 250 "dead" IPs? These need to be checked to ensure that no rogue hosts are connected to the network, but buying 254 IP licenses would be prohibitive.

I know Rapid7 do a discovery license pack, which doesn't check for vulnerabilities, but allows you to scan the entire estate to see if there is a host connected at each potential IP. Does Symantec do this as well?

 

M.

Guido Sanchidrian's picture

Hello. CCS VM licensing consists of a CCS VM base license plus additional IP packs or combinations of them (1.000, 5.000, 10.000, 65.000). The base license includes unlimited consoles, scan engines and templates for PCI. It also activates scanning and provides access to the console for user management and reporting. The base also includes functionality for scanning Web servers and is bundled with the ability to discover devices/assets in your environment.

Therefore, with the base license you will be able to discover devices in your environment without any limitation to a certain number of IPs, but the vulnerability scans are bound to the number of licensed IP packs.

Please let me know if you have any further questions.

-Guido

patriot3w's picture

Is there any benchmark between other products? Or any comparison?

Guido Sanchidrian's picture

I am not aware of a product benchmark comparison so far, but you will see some capabilities comparison as part of the Gartner Market Scope for Vulnerability Assessment and the Forrester Wave for Vulnerability Management. Please note that Symantec Vulnerability Manager is using the Rapid7 Nexpose Engine, therefore you can apply the results for Rapid7 to Symantec Vulnerability Manager, as the underlying engine is fully equal:

http://www.rapid7.com/resources/analyst-reports.jsp

Symantec's strong capabilities for overall IT Governance, Risk and Compliance have also been acknowledged in the latest Forrester Wave for IT Governance, Risk, and Compliance Platforms 2011:

http://www.symantec.com/about/industryanalysts/ana...

Please let me know if you have any further questions.

ev_34's picture

Hi Guido-

Is there support now for CCSVM to run on a VM infrastructure whether it be the console or a scan engine?

Thanks,

Eric

Guido Sanchidrian's picture

Yes, there is. The latest release added new platform support for Security Console and Scan Engine:

- Windows 7 Professional (RTM and SP1), Ultimate, Enterprise; 32-bit and 64-bit (Security Console only)
- Windows Server 2008 R2 SP1, Standard, Enterprise; 64-bit
- Ubuntu 10.04 LTS 64-bit
- VMware ESX 3.5
- VMware ESXi 3.5
- VMware ESX 4.0
- VMware ESXi 4.0

Please let me know if you have any further questions.

Atif's picture

Hi Guys,

Is there any Symantec presentation exclusively for VM available which can be used for pre-sales purposes?
