Symantec™ Security Compliance SolutionSymantec’s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall cost of managing IT security controls.

Today’s IT environments face growing security threats,

increasing complexity, and often-confusing regulatory

mandates. In response, many organizations are adopting

proactive strategies for security and compliance manage-

ment—strategies that depend on automated technologies

to reduce errors, improve security, and simplify auditing

and reporting. Symantec’s industry-leading Security

Compliance solution offers state-of-the-art automation

to help organizations better secure their systems and

maintain confi gurations, reduce operational security

management costs, and more effi ciently meet

compliance requirements.

Security Compliance Is Complex—and Costly

The security operations landscape is rapidly evolving. As more people have greater access to network resources, the risk—both internal and external—of information theft or loss due to breaches is increasing. The number of regulations and governance mandates is growing continuously as well, with more compliance requests originating from more diverse audiences every day. And because operations teams often rely on redundant, manual activities to implement and test IT controls, the potential for error is constantly on the rise.

In this environment, the resources required to manage IT controls are steadilyincreasing. Meanwhile, management pressure to reduce operating costs continues to mount. To meet these challenges, companies need an integrated, holistic approach to IT controls management.

4

IT security compliance

A better approach to IT security compliance

Many organizations are plagued by a lack of effective IT controls. A proactive approach to IT security compliance is required to enable them to:

• Detect IT control defi ciencies such as weak passwords, orphan accounts, and inappropriate access

• Assess IT risk and security threats

• Identify and incorporate best practices for remediating vulnerabilities more effi ciently

• Reduce the time and effort expended to produce IT audits and compliance reports for a variety of constituencies

To achieve these critical objectives, organizations need solutions that help them:

• Leverage a top-down, enterprise-level view into confi guration settings and access rights

• Centralize controls assessment and auditing, as well as security log monitoring and management

• Minimize unnecessary access to information

• Automate IT compliance reporting processes

5

Symantec’s Security Compliance Lifecycle

Symantec understands that compliance means more than just meeting regulations mandated by government or industry. It’s also about supporting business objectives and managing IT risk. To achieve compliance, there must be a tight alignment between IT risk and compliance activities so that operations teams can effectively secure the infrastructure in support of company policy while fulfi lling internal and external compliance demands.

Symantec has developed an automated solution to compliance that can help organizations realize such an alignment. We can help your operations team harness rising security and compliance management costs, better meet reporting requests, identify high-risk systems, and more effectively secure systems and confi gurations via a four-pronged approach.

Defi ne: First, Symantec helps companies understand their governance requirements, assess risk, and identify IT assets that may be affected by various standards, regulations, and security threats. We then help them automatically defi ne the IT controls environment and translate regulatory mandates into automated policies and controls.

Assess: Next, Symantec’s solution assesses the security compliance of IT controls by automatically testing and monitoring them.

Report: Symantec’s holistic solution provides detailed compliance and risk reports. Reporting is customized based on an organization’s requirements, such as by industry standards, regulations, platform, business units, or geography.

Remediate: Finally, the Symantec approach helps IT remediate control defi ciencies and respond quickly to security events.

6

7

“ Automating the management and monitoring of IT controls infrastructure and events can reduce operational costs by as much as 40 percent, minimize vulnerabilities and threats, and help satisfy compliance requirements.”

IT Policy Compliance Group

Automate, secure, and comply

Automate: “Moving compliance management from manual process controls to automated systems controls is less complex to the process owner and auditor, costs less because labor costs can be sharply reduced if controls are standardized and rationalized across the enterprise, and has side benefits of process improvement.”

Gartner

Secure: “Vulnerabilities must be viewed as part of an overall security management infrastructure that takes into account security policy, compliance, and risk management.”

IDC

Comply: “A comprehensive IT compliance program must structurally address the ability to maintain an authoritative control framework, identify and resolve control deficiencies, measure and report control effectiveness, and provide advisory services for IT controls.”

Forrester Research

An Industry-leading Compliance Platform

The foundation of the Symantec Security Compliance solution is Symantec™ Control Compliance Suite, an integrated offering that enables organizations to implement a cost-effective, holistic approach to compliance automation. Control Compliance Suite offers multiple modules and agents for the full range of security and compliance issues faced by today’s enterprises. It allows organizations to:

• Automate IT controls assessments, enabling consistent implementation, enforcement, and reporting to achieve secure confi guration compliance

• Leverage best-practices guidance based on regulations, benchmarks, and standards from the Center for Internet Security (CIS), National Security Agency (NSA), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Control Objectives for Information and related Technology (COBIT), the Sarbanes-Oxley Act, Payment Card Industry Data Security Standards, the Health Insurance Portability and Accountability Act (HIPAA), and more

• Map technical and procedural controls to their corresponding compliance objectives, including more than 125 prototypes that tightly link common policies and objectives

• Provide assessments and evidence of policy implementation and enforcement

• Monitor, remediate, and report on IT controls and privileged user access

• Incorporate IT controls status, event logs, and external intelligence on new and existing threats, and correlate the information to identify and prioritize critical events

• Initiate remediation through tight integration with popular help desk ticketing systems

• Implement compliance and security management as part of day-to-day operations, resulting in fewer control defi ciencies, less data leakage, and lower compliance and security management costs

Day-to-day use case scenarios

In day-to-day operations, IT can use Symantec Control Compliance Suite to:

• Automate controls testing—Test technical and procedural controls and assess compliance with policies

• Automate security event management—Monitor security violations and prioritize responses based on policies and regulations

8

• Manage control confi gurations—Identify gaps in IT controls, get guidance, and provide closed-loop remediation

• Monitor threats in real time—Identify threats and vulnerabilities in controls before they become security breaches

• Comply with audits and reporting requests—Measure IT risk and compliance, deliver dashboards and auditable evidence, and demonstrate controls effectiveness

9

A world-class solution from an industry leader

With more than 2,000 enterprise customers and the world’s largest configuration policy compliance installed base, Symantec is a global leader in security and compliance management. The company’s innovative products have received awards and recognition from top analysts and industry watchers:

• Leader in Worldwide Security and Vulnerability Management, IDC

• Leader in Magic Quadrant for Security Information and Event Management, Gartner

• Leader in IT Governance, Risk, and Compliance Management (Symantec Control Compliance Suite), Gartner

• Leaders in Secure Configuration Wave (Symantec Control Compliance Suite and Symantec Enterprise Security Manager), Forrester Research

• Leader in SIEM MQ and SIEM Wave (Symantec Security Information Manager), Gartner and Forrester Research

• Winner of Reader’s Choice Award (Symantec Security Information Manager), Information Security magazine, 2008

Additionally, Symantec offers:

• The industry’s broadest portfolio of leading security, backup, storage, and archiving controls

• Unmatched insight into the threat environment via the Symantec Global Intelligence Network

• Strong strategic partnerships with key storage vendors, auditing firms, and integrators

• The unparalleled expertise of Symantec Consulting Services and channel partners

Symantec’s comprehensive Security Compliance solution

provides a proactive, risk-based approach to managing IT

controls. Through its advanced automation technologies,

it enables security operations teams to better secure

systems and confi gurations, streamline compliance

reporting, and reduce associated costs. The bottom line

for your organization? Lower cost, better security, and

easier compliance—all from the market leader in security

information and vulnerability management. To fi nd out

more, visit www.symantec.com/compliance.

About Symantec

Symantec is a global leader

in providing security, storage

and systems management

solutions to help businesses and

consumers secure and manage

their information. Headquartered

in Cupertino, Calif., Symantec

has operations in more than

40 countries. More information is

available at www.symantec.com.

For specific country offices

and contact numbers please

visit our Web site. For information

in the U.S., call toll-free

1 (800) 745 6054

Symantec Corporation

World Headquarters

20330 Stevens Creek Boulevard

Cupertino, CA 95014 USA

+1 (408) 517 8000

1 (800) 721 3934

www.symantec.com

Copyright © 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affi liates in the U.S. and other countries. Other names may be trademarks of their respective owners. 06/08 14161725