Symantec Singapore
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy
press centre

Symantec Introduces Centralised, Open Information Security Management

The Symantec Security Management System Provides a Comprehensive View of Security, Enabling Proactive Defense and Real-Time Enterprise-Wide Response

SINGAPORE -- October 29, 2002 -- Symantec Corp., the world leader in Internet security, today announced the Symantec Security Management System, a comprehensive set of management applications that improves the effectiveness of the information security environment by delivering proactive control of the security infrastructure and correlated information for better decision-making.

"The primary challenges most enterprises face are managing their complex security infrastructure and the overwhelming data flow created by all the security devices they've deployed," said Ross Wilson, Senior Regional Director, South East Asia, Symantec. "With the introduction of the Symantec Security Management System we will provide our customers open policy and incident management capabilities that allow users to proactively secure their network against known threats and to respond in real-time against new attacks."

The Need for a Comprehensive View of Security Posture
Today's CIOs and CISOs are also under intense pressure when it comes to security. In addition to higher expectations from customers, investors and the general public with regard to regulatory requirements, legal liability and fiduciary responsibility, the increased complexity and number of attacks are causing greater damage. These pressures drive the need for a comprehensive approach to security management.

About The Symantec Security Management System
The three key components of the Symantec Security Management System are Symantec Event Managers, Symantec Incident Manager and Symantec ESM for policy compliance.

Symantec Event Managers
Each message is termed a security event, and nearly 10 million occur each month in organizations of even moderate size. An event may be anything from a malformed or over-length network packet, potentially indicating a buffer-overflow attack, to a failed login on a computer that may be critical or relatively insignificant. Taken individually, it is difficult to determine if a given event indicates trouble or not.

For enterprise customers who want a complete view of security events for just a specific area of protection, Symantec introduces Symantec Event Manager for Anti-Virus and Symantec Event Manager for Firewall. These Event Managers consolidate data from Symantec's and other vendor's protection solutions to provide the customer with a complete view of virus and firewall events. Customers can collect data from third-party vendor security products including Network Associates antivirus data and Check Point firewalls. Additional event collectors are expected to be available in the December quarter.

Symantec is working with third party vendors to create collectors through a partner program, to be formally announced in the first quarter of 2003.

Symantec Incident Manager
An incident is an event or condition that requires a response and closure. Active attacks or virus outbreaks are incidents that are usually comprised of one or more events. Known system vulnerabilities or discovered policy violations should also be treated as incidents that require a response. However, the challenge is sorting through the millions of events to find the incidents in time to take action.

For enterprise customers with large networks yielding massive amounts of security events on a daily basis, there is a greater need for a real-time aggregated and correlated view of security data across network tiers and security technologies. Symantec Incident Manager provides open, real-time incident management that helps enterprises maximize the value of their security technologies, and identify and respond rapidly to security breaches.

Symantec Incident Manager identifies, consolidates and correlates security events from multiple point products and security technologies from a variety of vendors. Symantec Incident Manager analyzes and correlates events to identify incidents, then tracks the resolution of each one to closure. It also allows for the customized setting of incident priorities based on the severity of the impact to business and dynamically adjusts those priorities through each incident's lifecycle.

Symantec Incident Manager also employs a powerful risk analysis engine that determines the impact of each incident based on the relative confidentiality, integrity and availability rating of each asset in the system. The risk analysis engine takes into account what actions have been taken to resolve an incident and dynamically balances the priority of each incident compared to all open incidents. This allows staff to focus resources on resolving the most critical incidents first.

Symantec Incident Manager issues alerts and notifications throughout the lifecycle of an incident. It notifies security personnel when an incident is first detected and constantly monitors the progress being made to resolve each incident. It issues alerts in advance of Security-Level Agreement (SLA) deadlines, implemented by many organizations, which require a response for each of these phases within a specified time. This is an invaluable resource for both meeting audit requirements and improving response procedures.

Further, Symantec Incident Manager is backed by Symantec Security Response, which describes known vulnerabilities and serves as a reference to guide staff as they identify and resolve incidents. This valuable intellectual property includes a comprehensive database of new signatures, vulnerabilities, safeguards and response guidance, and is regularly updated from the largest and most comprehensive collection of security intelligence available.

Symantec is also creating third-party relays so that information can flow easily from the Symantec Security Management System to other network and system management products. A relay component for IBM Tivoli Risk Manager, including the Tivoli Enterprise Console, will be available in the December quarter.

"IBM and Symantec share a common mission to manage security across our customers' complex, multi-vendor environments," said Arvind Krishna, vice president of security products, Tivoli Software, IBM. "Through integration between Tivoli and Symantec software products, IBM can continue to provide the automated, self-protecting security management infrastructure our joint customers expect."

Symantec ESM
For enterprise customers who are looking for a more comprehensive approach to security management, Symantec ESM, an industry-leading security policy compliance and vulnerability management solution, can be integrated with Symantec Incident Manager to track the resolution of identified policy non-compliance incidents to closure. As a stand-alone security application, Symantec ESM enables enterprises to create customized security policies and manage policy compliance in mission critical business applications and servers across a heterogeneous enterprise from a single location. Together, Symantec Incident Manager and Symantec ESM provide a coordinated, comprehensive approach to managing the security posture across the enterprise.

When integrated with Symantec Incident Manager, Symantec ESM adds important capabilities to identify and resolve policy non-compliance issues and eliminate vulnerabilities. As discussed above, any identified vulnerability or non-compliance condition can be treated as an incident within the context of Symantec Incident Manager.

About Symantec Enterprise Security Architecture
The Symantec Security Management System components are built in compliance with Symantec Enterprise Security Architecture, which provides a standards-based interoperability framework for Symantec and third-party solutions to work together to provide secure, manageable, and scalable enterprise security. Customer environments are heterogeneous and often contain security products from many vendors. Therefore, an interoperable architecture is a critical enabler to enterprises that need strong security and centralized management.

Pricing and Availability Details
Symantec Event Manager for Anti-Virus is scheduled to be available in late October and Symantec Event Manager for Firewall is scheduled to be available in December. Both will be available through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators. Symantec Incident Manager is scheduled to be available in late November from Symantec and will initially be sold through elect Symantec value-added systems integrators and authorized resellers. Broader availability is expected at a later date. Symantec ESM is currently available through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators.

About Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, virus protection, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

FORWARD LOOKING STATEMENT: This press release contains forward-looking statements, including anticipated activities and results that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to differ materially from results expressed or implied by this press release. Such risk factors include, among others: the sustainability of recent growth rates, particularly in consumer products; the anticipation of the growth of certain market segments, particularly enterprise security; the positioning of Symantec's products in those segments; the competitive environment in the software industry; general market conditions, fluctuations in currency exchange rates, changes to operating systems and product strategy by vendors of operating systems; acquisition risks, including the risks that Symantec will not successfully integrate the businesses, technology and/or personnel; and whether Symantec can successfully develop new products and the degree to which these gain market acceptance. Actual results may differ materially from those contained in the forward-looking statements in this press release. Additional information concerning these and other risk factors is contained in the Risk Factors sections of the Company's previously filed Form 10-K for the year ended March 31, 2002 and Form 10-Q for the quarter ended June 30, 2002. Symantec assumes no obligation to update any forward-looking information contained in this press release except as otherwise required by law.