Symantec Introduces Centralised Open Information Security Management
The Symantec Security Management System provides a comprehensive view of security, enabling proactive defence and real-time enterprise-wide response
Hong Kong -- November 7, 2002 - Symantec, the world leader in Internet security, has announced the Symantec Security Management System, a comprehensive set of management applications that improves the effectiveness of the information security environment by delivering proactive control of the security infrastructure and correlated information for better decision-making.
"The primary challenges enterprises face are managing a complex security infrastructure and the overwhelming data flow created by all the security devices they've deployed," said Rob Clyde, Chief Technology Officer of Symantec, during the Symantec Security Management System launch in Hong Kong. "Symantec's approach is to provide open policy and incident management capabilities that allow enterprises to proactively secure their networks against known threats and to respond in real time against new attacks."
"Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors lacking integration and interoperability. The result is a high degree of complexity and increased operational costs, and reliance on isolated security data to make critical security decisions," said David Sykes, North Asia Director of Symantec.
Multiple protection products throughout the enterprise scan systems and network traffic, and send messages on every suspicious activity. Each message is termed a security event, and nearly 10 million occur each month in organisations of even moderate size. An incident is an event or condition that requires a response and closure. Active attacks or virus outbreaks are incidents that usually comprise one or more events. Known system vulnerabilities or discovered policy violations should also be treated as incidents that require a response. However, the challenge is sorting through the millions of events to find the critical incidents in time to take action.
The Symantec Security Management System
The three key components of the Symantec Security Management System are
Symantec Event Managers, Symantec Incident Manager and Symantec ESM for policy compliance.
Symantec Event Managers
Developed for enterprises that want a complete view of security events for a specific area of protection, Symantec Event Manager for Anti-Virus and Symantec Event Manager for Firewall consolidate data from Symantec's and other vendor's protection solutions to provide a complete view of virus and firewall events. Customers can collect data from third-party vendor security products including Network Associates antivirus data and Check Point firewalls. Additional event collectors are expected to be available in the December quarter.
Symantec Incident Manager
Symantec Incident Manager identifies, consolidates and correlates security events from multiple-point products and security technologies from a variety of vendors. Not only does it analyse and correlate events to identify incidents, then track the resolution of each one to closure, it also allows for the customised setting of incident priorities based on the severity to business and dynamically adjusts those priorities through each incident's lifecycle.
Symantec Incident Manager provides dynamic, expert guidance, based on a SANS and CERT incident response best-practices framework. It also employs a powerful risk analysis engine that determines the impact of each incident based on the relative confidentiality, integrity and availability rating of each asset in the system. The risk analysis engine takes into account what actions have been taken to resolve an incident and dynamically balances the priority of each incident compared to all open incidents. This allows staff to focus resources on resolving the most critical incidents first.
During the lifecycle of an incident, Symantec Incident Manager issues alerts and notifications to security professionals tracking and recording every action taken to identify and resolve it. Symantec Incident Manager generates reports that illustrate the type and severity of threats and measure the effectiveness of the organisation's response. It also comes with the guarantee of support from Symantec Security Response, the world's leading Internet security research and support organisation.
Symantec is also creating third-party relays so that information can flow easily from the Symantec Security Management System to other network and system management products. A relay component for IBM Tivoli Risk Manager, including the Tivoli Enterprise Console, will be available later this year.
Symantec ESM
Symantec ESM is an industry-leading security policy compliance and vulnerability management solution. It can be integrated with Symantec Incident Manager to track the resolution of identified policy non-compliance incidents to closure.
As a stand-alone security application, Symantec ESM enables enterprises to create customised security policies and manage policy compliance in mission-critical business applications and servers across a heterogeneous enterprise from a single location. Together, Symantec Incident Manager and Symantec ESM provide a coordinated, comprehensive approach to managing the security posture across the enterprise.
About Symantec Enterprise Security Architecture
The Symantec Security Management System components are built in compliance with Symantec Enterprise Security Architecture, which provides a standards-based interoperability framework for Symantec and third-party solutions to work together to provide secure, manageable, and scalable enterprise security. Customer environments are heterogeneous and often contain security products from many vendors. Therefore, an interoperable architecture is a critical enabler to enterprises that need strong security and centralised management.
Availability
Symantec Event Manager for Anti-Virus is scheduled to be available in early December and Symantec Event Manager for Firewall is scheduled to be available later the same month . Both will be available through Symantec's worldwide network of value-added authorised resellers, distributors and systems integrators. Symantec Incident Manager is scheduled to be available in late November from Symantec, and will initially be sold through select Symantec value-added systems integrators and authorised resellers. Broader availability is expected at a later date. Symantec ESM is currently available through Symantec's worldwide network of value-added authorised resellers, distributors and systems integrators. Local Symantec partners can be located at http://www.symantec.com/region/hk/purchase/corporate.html
About Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, virus protection, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, California, Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.
NOTE TO EDITORS:
Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
|
