Control Compliance Suite

Symantec Vision 2014 has finally arrived and we are excited to welcome all of our attendees! This week’s event offers four days of face-to-face insights, information, and experiences you can use to secure your organization.   

On Wednesday, May 7, we are offering a hands-on lab session to highlight the new capabilities of Symantec Control Compliance Suite Standards Manager 11.0.5, which started shipping on April 15, 2014.   Lab 1381- Enhance Asset Discovery and SCAP 1.2 Compliance for Continuous Monitoring with CCS Standards Manager, will demonstrate how CCS Standards Manager's new network and asset discovery capabilities and SCAP 1.2 support enhances your continuous monitoring objectives. (Lab 1381, Wednesday, May 7, 2-3 pm, Milano 1). 

Control Compliance Suite is Symantec’s solution for enabling business-aware security and risk visibility.  Today, customers employ CCS Standards Manager to improve their overall security posture, discover configuration drifts, and reduce audit failures.  Control Compliance Suite Standards Manager 11.0.5 offers customers the following new and enhanced capabilities for security and compliance across the physical and virtual data centers, including:

• New network and asset discovery capabilities. Patented Lightspeed discovery algorithm offers a less-intrusive and nonauthenticated approach for asset discovery across networks and hosts. Customers will have the ability to discover subnets within a network; and scan and discover all assets within a selected subnet.  Customers will also have the ability to create blacklists and exclude specific networks for discovery and ensure critical networks are not scanned.
• Enhanced support for Continuous Monitoring and Cybersecurity initiatives including: 
  • Upgrade of Windows SCAP engine to SCAP 1.2
  • Enhanced support for SCAP 1.2 specification including the following components Extensible Configuration Checklist Description Format (XCCDF) 1.2, Open Vulnerability and Assessment Language (OVALR) 5.10.1, Common Configuration Enumeration (CCE.) 5, Common Platform Enumeration (CPE.) 2.3, Common Vulnerabilities and Exposures (CVER), Common Vulnerability Scoring System (CVSS) 2.0, Asset Identification 1.1, Asset Reporting Format (ARF) 1.1
  • CCS supports valid TIER IV SCAP 1.2 content including the following content that is published by NIST in the National Checklist Program (NCP) repository
• New APIs in CCS SCAP engine for Partner Integration. These capabilities enable the customer to create and run SCAP evaluation through APIs and export of SCAP results in ARF format.
• Updated regulatory content library and technical platform support including support for ISO 27001-2013, NIST Cybersecurity Framework in SCU 2014-1, and PCI DSS v3.0 in SCU 2014-1
• Updated platform support for UBUNTU, Windows 2012 R2 & SQL 2012

The new capabilities delivered by CCS Standards Manager is intended to enable our customers securely execute their software-defined data center migration plans and support their cyber security, continuous monitoring, and data breach prevention programs.    Customers can download the installer and other packages from the product support site at  http://www.symantec.com/docs/TECH21657

While you're at Vision, we also encourage you to attend the following hands-on lab that are designed to help you get the most out of your existing Control Compliance Suite investment.

• Lab 1366- Optimize Security and Compliance Assessments with CCS will discuss best practices for using Control Compliance Suite's robust assessment and reporting to optimize security, compliance, and risk management operations in the data center. (Monday, May 5, 3:30-4:30pm, Milano-7)
• Lab 1283: How to Use CCS to Proactively Manage Risk will teach attendees how to take proactive approach to securing your environment using Symantec Control Compliance Suite. You will learn how to combine rich, native assessment data from multiple sources and normalize that data so you can get a truly composite view of what your current risk posture is. You will learn how to use this information to clearly communicate the state of your environment to a range of different stakeholders to include IT operations, audit and business leaders. We will show you how to use this information to prioritize and track remediation efforts based on security objectives you define. (Monday, May 5, 2:15-3:15pm, Milano 6 and Tuesday, May 6, 2:45-3:45pm, Milano 6)

See you then!