Governance, Risk & Compliance

Governance, Risk & Compliance

November 21, 2012

Symantec Tames IT Risk Management with Control Compliance Suite 11

Symantec (News - Alert) released Control Compliance Suite 11 this summer to help enterprises manage the complex requirements set forth by governance, risk and compliance (GRC) management. This latest product has the Control Compliance Suite Risk Manager Module, which automates much of the governance and auditing process that normally causes some frustration and confusion in IT managers who oversee enterprise networks.

Symantec aims to ease the complicated task of IT system governance, risk and compliance (GRC) management with the help of its new release. The new product helps IT managers understand how the complexity of IT infrastructure affects compliance and risks – critical business concerns.

A network-installed security product, Symantec Control Compliance Suite 11 (CCS) brings auditing functionality to IT managers, responsible for risk assessment, compliance and overall governance of complex IT infrastructures. To function, the product relies on MS Windows Server 2003 SP2 or 2008 and Microsoft (News - Alert) SQL Server 2005 SP2.

Easily deployable, the modular solution is licensed for enterprise-wide deployments, pricing being determined by the size of the company.

A typical configuration will cost about $150 per user.

The most relevant module in the solution is the Risk Manager Component. It is designed to help IT managers determine the level of risk that IT Infrastructures present. Risk Manager automatically audits and documents the asset and provides actionable information to reduce the assessed risks.

Triggers can be set by administrators – such as "risk thresholds," which can then serve as alerts. These alerts when notified can inform administrators when an asset’s security is compromised. Remediation recommendations are also provided by Risk Manager.

It assists administrators in prioritizing remediation tasks as well.

CCS uses a browser-based GUI and has customizable dashboards that support drill-down capabilities. Its assessment process is the real deal. The CCS suite assesses and discovers critical vulnerabilities and vet procedures and then report back on the findings. CCS uses both agent-based and agentless clients to query systems to gather data.

CCS can also leverage other security products installed in the enterprise and import data. Data is then imported using ODBC, WEB APIs and flat file formats.

CCS’s capabilities are based on administrator-defined policies. Administrators can use given templates and customize and create the policies that suit them best. Symantec has bundled in as many as 150 mandates, best practices, regulations and other elements to make policy creation an easy and straightforward process.

The policies are mapped to Risk Manager that then provides detailed support for remedial measures and thus helps administrators in reducing risks and other non-compliance issues. CCS can be integrated with third-party ticketing systems, thus bringing unified task management to enforce the best remedial measures possible for risk management.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.

Edited by Braden Becker

blog comments powered by Disqus