Press Release

Symantec Control Compliance Suite Provides More Timely Insight into IT Risks

Eighty percent of organizations need three months or more to assess IT risk levels
SINGAPORE – March 1, 2011 – Symantec Corp. (Nasdaq: SYMC) today introduced the next version of Symantec Control Compliance Suite, the company’s integrated, fully automated solution designed to address IT risk and compliance challenges. Symantec Control Compliance Suite 10.5 delivers new features to help organizations better manage IT risk while achieving a more holistic view of risk across their IT infrastructure.  This release also continues to provide support for the latest regulatory and security standards and further expands upon integrated native assessment capabilities.


The IT Policy Compliance Group recently reported that a startling eight in ten organizations have poor visibility into their IT risk, taking three to nine months or longer to classify their IT risk levels. Inability to prioritize risks, lack of a comprehensive risk view and inadequate controls assessments all contribute to this problem. Symantec Control Compliance Suite is designed to address these challenges by driving better overall visibility and control of IT risks.


Improved Risk Management Capabilities
“Organizations with the best insight into IT risks have the ability to sort through thousands of IT issues on a daily basis and prioritize remediation efforts to focus on protecting their most critical assets and data first,” notes Jim Hurley, managing director of the IT Policy Compliance Group. The new version of Control Compliance Suite expands upon Symantec’s prioritized approach to managing IT risks with built-in support for the new Security Content Automation Protocol (SCAP) benchmarks and deeper integration with Symantec Data Loss Prevention.


Developed by the National Institute of Standards and Technology (NIST), SCAP provides organizations with a standardized approach to writing security checks and reporting on configuration and vulnerability information across multiple vendors’ solutions. This common framework facilitates a shared view of IT risks, allowing organizations to more quickly prioritize and remediate the most important issues found.


Building upon the existing integration with Symantec Data Loss Prevention, this release of Control Compliance Suite provides additional capabilities to help organizations better manage the risk to their most critical data. Through new workflow integration with Symantec Data Loss Prevention, Control Compliance Suite allows organizations to automatically target security awareness training at individuals who have violated data protection policies. Summary pages from these questionnaires give an overview of where key security awareness risks lie and let users drill down into more detail to assist in remediation efforts.


A More Holistic View of IT Risk
Organizations with a truly holistic view of their IT risks routinely gather and report on data from multiple sources, per the IT Policy Compliance Group. Symantec Control Compliance Suite continues to deliver a more comprehensive view of IT risks by simplifying the process of consolidating data from disparate systems across the enterprise and communicating results in powerful, web-based dashboards.


Previous releases provided the ability to integrate data from Symantec Data Loss Prevention as well as third party applications such as firewalls, event management systems and vulnerability management solutions. This data is then brought into pre-defined dashboard panels to provide a more holistic view of IT risks for better decision making. The newest version of Symantec Control Compliance Suite expands upon this capability with new out-of-the-box connectors to automatically collect security awareness survey results from the Symantec Control Compliance Suite Response Assessment Manager.  For example, a business unit manager can now view a Symantec Data Loss Prevention policy violation alongside results of who passed security awareness training and information on the compliance posture of servers hosting his most critical data.


To further expand an organization’s view of IT risk, future releases of Control Compliance Suite are planned to bring in data from other Symantec solutions, including data on critical vulnerabilities, the latest security threats and real-time file integrity monitoring.


New Built-in Content for Comprehensive Controls Assessments
According to the IT Policy Compliance Group, organizations with the best visibility into their IT risk levels start by putting in place the correct IT controls. A key differentiator for Symantec Control Compliance Suite has been its built-in content covering multiple IT control frameworks and regulations, coupled with automatic updates to help ensure controls assessments are always based on the very latest standards. Symantec Control Compliance Suite expands upon this capability with support for PCI 2.0 and the new SCAP benchmarks. While currently the de facto standard for ensuring infrastructure security for US government agencies, SCAP is increasingly being adopted in forward-thinking commercial enterprises.


This latest release also broadens technical control assessment capabilities to include Federal Desktop Core Configuration Standard (FDCC) support for desktops and Open Web Application Security Project (OWASP) support for Web applications. FDCC helps protect desktops against harmful configuration changes and vulnerabilities while OWASP delivers a technical security standard for web applications by focusing on the top 10 most common vulnerabilities.


Supporting Quotes
“It’s not surprising that the vast majority of organizations are flying blind when it comes to identifying their most critical IT risks,” said Ram Krishnan, vice president of product management, Symantec. “Most struggle with gathering vast quantities of data from multiple tools, collected in different formats and trying to rationalize all this data to find the most critical IT risks. Symantec Control Compliance Suite 10.5 builds upon previous versions of our solution to help simplify this process so that organizations can achieve greater insight and control over their key IT risks.”


“Data loss and theft is one of the biggest IT risks organizations face today. Our clients are realizing that content awareness is critical to addressing this issue,” said Vivian Tero, program director for IDC’s Governance, Risk and Compliance Infrastructure service. “Customers need solutions that give a more complete view of their data loss risks. They not only need to track where their most critical data is across the organization, but also how this data is being used. Security awareness training or re-education for employees who violate data protection policies is a critical component of reducing data loss risk.”


Availability
Symantec Control Compliance Suite 10.5 is currently available.


About Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


###


NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.


Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.


Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.