Symantec Launches New IT Policy Compliance Offering
Customers Provided Automated Assessment of
Deviations from IT Controls Standards and Enhanced Platform Support
Symantec Corp. (Nasdaq: SYMC) today announced Symantec Control Compliance Suite, an upgrade to the bv-Control portfolio
of products that helps customers reduce the cost and complexity of IT policy compliance through automated assessment of
policies against industry regulations, standards and best practices. Symantec Control Compliance Suite’s new data
gathering functions such as agentless reporting and database discovery offer a comprehensive solution for IT control
compliance reporting across disparate platforms, providing a cost-effective method for managing global IT risks.
More than 4,000 customers worldwide currently have Symantec Control Compliance Suite components installed, relying on
these automated tools to efficiently govern their IT compliance posture by detecting drift from secure baselines,
identifying accounts with blank passwords and notifying the organisation when administrative accounts receive new
members.
Customers are offered unparalleled auditing capabilities with hundreds of ready-to-run reports using easy customisation
options and flexible audit creation in each environment to improve internal and external audits.
IT administrators are able to be proactive in even the most resource-constrained environments by automating tasks
enterprise-wide. This automated functionality helps to streamline compliance with such regulations as Sarbanes-Oxely,
FISMA or HIPAA, while dramatically reducing the costs of doing regular audits.
“As organisations continue to face stringent IT policy compliance requirements, Symantec is committed to helping
customers define what they would like to be compliant to, control their IT environment to achieve compliance and help
them govern that compliance posture over time,” said Tim Hartman, technical director, Symantec.
“Symantec Control Compliance Suite reduces costs associated with compliance by automating the management of deviations
from technical standards and providing the ability to effectively remediate misconfigurations.”
Tracking compliance to IT controls related to important regulations and frameworks, Symantec Control Compliance Suite
provides an efficient means to assess compliance to control systems based on custom mappings between technical standards
and frameworks and regulations. Symantec Control Compliance Suite supplies regulatory content for Sarbanes-Oxley, FISMA,
HIPAA, GLBA, Basel II and framework content for ISO 17799, COBIT and NIST SP800-53.
Symantec Control Compliance Suite allows customers to produce ‘Evidence of Review’ reporting to facilitate management
review of access controls as mandated by Sarbanes-Oxley and other regulations to prove that privilege grants conform to
access needs.
This is supplied through granular, detailed entitlement reports that show who has access to specific information, what
each individual has access to and who the business owner is for the data.
Customers are offered powerful closed-loop identification and resolution to find and eliminate security vulnerabilties.
Symantec Control Compliance Suite provides detailed remediation instructions to correct deviations and integrates with
existing change control ticketing systems, such as Remedy and HP Service Desk, to ensure that changes are made only
after appropriate authorisation and with proper oversight.
In addition, IT administrators can establish baseline configurations for all major operating systems by creating a
custom technical standard or building a reference template from pre-existing internal standards. Technical standards can
be exported for archive and business continuity purposes.
Technical Standard Packs are available for the following operating systems and applications: Windows, UNIX, Linux,
NetWare, SQL Server, Oracle and Exchange.
Symantec Control Compliance Suite 8.2 includes agentless UNIX reporting, Oracle patch assessment and database discovery,
and reporting and database activity auditing on SQL Server 2005.
In addition, customers are provided support for mobile devices connecting to Microsoft Exchange servers. It also
integrates with Symantec BindView Policy Manager to provide proof of security configuration compliance with broader
corporate policy.
Symantec Control Compliance Suite is a key component of Symantec’s IT Policy Compliance solution. The Symantec IT Policy
Compliance solution offers customisable products and services designed to help customers define, control and govern
their IT compliance initiatives.
Licensing and Availability
Symantec Control Compliance Suite 8.2 is currently available through Symantec’s worldwide network of value-added
resellers, distributors and systems integrators. Organisations seeking a reseller or distributor should contact Symantec
at http://enterprisesecurity.symantec.com.
About Symantec
ENDS
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security,
availability and integrity of their information. Headquartered in Cupertino, California, Symantec has operations in more
than 40 countries. More information is available at www.symantec.com.
###