
Nov 25, 2013

Symantec Adds Regulatory Compliance to Security Management Tool

by Alex Woodie


Companies looking to get a handle on their Sarbanes-Oxley Act or Gramm-Leach-Bliley Act requirements may want to check out new capabilities available in <a target="new" href="http://www.symantec.com">Symantec</a>'s Enterprise Security Manager Version 6.1, which started shipping in late October. The latest release of ESM, which supports OS/400 and other major platforms, features 75 pre-configured policy assessment templates for helping users understand what they need to do to comply with new regulations.


Symantec Enterprise Security Manager is a security policy compliance program that provides centralized and automated analysis of organizations' servers, databases, applications, networks, and security controls. The software performs more than 3,000 security checks and looks for unpatched vulnerabilities across Windows, Linux, AIX, Solaris, HP-UX, NetWare, and VMS operating systems, as well as <a target="new" href="http://www.oracle.com">Oracle</a> databases on Unix systems and <a target="new" href="http://www.ibm.com">IBM</a> UDB DB2 and <a target="new" href="http://www.microsoft.com">Microsoft</a> SQL Server databases on Windows systems.


With ESM 6.1, Symantec has partnered with <a target="new" href="http://www.cognos.com">Cognos</a> for "pre-configured policy assessment templates" for performing security audits for several new regulatory standards. The capability lets users create impromptu reports quickly or use the report authoring tool for more advanced reports. There are also 75 predefined reports in ESM that show compliance state and trends, specific violations, and configuration changes on host systems. Reports can be automatically scheduled and delivered via e-mail or accessed through a new Web portal Symantec provides with this release. Symantec says the reports are suitable for consumption by executives as well as IT professionals.


Regulations covered by the new Cognos-powered reporting framework include Sarbanes-Oxley Section 404, HIPAA, GLBA, the Federal Information Security Management Act (FISMA NIST 800-53), and North American Electric Reliability Council reliability standards. Reports are also provided for ISO 17799, <a target="new" href="http://www.sans.org">SANS</a> Institute Top 20 Internet Security Vulnerabilities for Windows, Unix, and Linux systems, and <a target="new" href="http://www.cisecurity.org">Center for Internet Security</a> CIS Benchmarks for Solaris vulnerabilities.


The ESM product suite bolsters data center security through its Windows-based ESM Console, its Windows- or Unix-based ESM Managers, and various ESM Agents that deploy to all supported platforms. The company obtained its OS/400 agent technology through an OEM partnership with English OS/400 security experts <a target="new" href="http://www.safestone.com">SafeStone Technologies</a>.


ESM's OS/400 agent technology provides expansive and in-depth analysis and reporting of OS/400 security settings. The agent includes 15 separate modules spread across three areas, including user account and authorization settings (with separate modules for account integrity, log-in parameters, and password strength); network settings (with separate modules for backup integrity, device integrity, network integrity, OS/400 patches, startup files, and various system settings); files and programs (with file access, file attributes, and query modules).


ESM is a component of Symantec's overarching Security Management System, which allows users to correlate their security and regulatory compliance data from ESM with security event data gathered from firewalls, intrusion detection systems, and vulnerability assessment products.


Symantec sells ESM 6.1 by the component. Pricing for an ESM Manager starts at $2,000. The OS/400 Agent costs $1,695. For more information on Symantec's enterprise security products, go to <a target="new" href="http://enterprisesecurity.symantec.com">http://enterprisesecurity.symantec.com</a>.