Whats New in Symantec Control Compliance

Suite 11?
Overview: IT Risk and Compliance
Overview

then be analyzed and used to guide remediation efforts based

As a current user of Symantec Control Compliance Suite you

on business priorities as well as technical severity.

already benefit from being able to leverage a holistic, fully

Control Compliance Suite Risk Manager allows you to

automated solution to address your IT risk and compliance

communicate IT risks to key business stakeholders in a

requirements. However, with security threats and risk

manner they can really understand and act upon. Rather than

management now becoming part of boardroom-level

sending Business Unit owners reports highlighting

discussions, the need to effectively communicate IT risks in

outstanding configuration issues or un-patched vulnerabilities

business-relevant terms is more critical than ever before.

across their business, now you can provide a customized

Control Compliance Suite 11 is designed specifically to

dashboard illustrating how these issues are causing

address this challenge with our new Risk Manager module and

unacceptably high risk scores on their online e-commerce site

a number of key enhancements to our reporting and

or transaction processing systems. Communicating IT risks in

assessment capabilities.

these business-relevant terms helps drive the awareness,

action, and accountability needed to improve your overall

Control Compliance Suite Risk Manager

security posture.

Building upon our core strength evaluating IT risk at an asset

level, Control Compliance Suite 11 features a new Risk

Next Generation Dashboards

Manager module designed to translate IT risk into business-

Control Compliance Suite 11 features a number of significant

relevant terms. Risk Manager allows you to define a virtual

enhancements to our Web-based dashboards. These

business asset you want to manage from a risk perspective.

enhancements include out-of-the-box risk and compliance

This business asset could be a business process, group, or

views defined by role, and multiple layers of drill-downs, from

function. By combining and assessing all of the IT assets

high-level dashboards for executives to configurable deep

associated with this virtual business asset, you can start to

drill-down reports for IT Operations.

get a better understanding of IT risk levels. Leveraging

Improved dynamic filtering allows you to easily pinpoint what

customizable Web-based dashboards, you can visualize how

is contributing to a certain IT risk score, or causing you to

you are doing against pre-established risk thresholds, while

exceed an established risk threshold. For example, a Business

projecting risk reduction over time as scheduled remediation

Unit lead views a dashboard panel with a graph illustrating

activities take place.

that his order processing system has exceeded its risk

With Control Compliance Suite Risk Manager now you can

threshold. By right-clicking on this graph, the Information

take the rich data you are already gathering from Standards

Security and IT Operations teams drill down and see that

Manager or Assessment Manager, combine that with data

there is an issue with the database servers. The Database

from other Symantec or non-Symantec solutions, and

Operations Manager drills down further, identifying that the

visualize it through a risk lens. Using our scalable data

issue is on their Oracle databases. This prompts him to alert

framework, you can aggregate and normalize thousands of

the Oracle Database Administrator who drills down even

data points from multiple different sources. This data can

further to identify exactly what needs to be remediated.

Previously there was no way to interact with dashboard panels

Overview: IT Risk and Compliance

Whats New in Symantec Control Compliance Suite 11?
to create these different views. In order to view the data in

accepting additional risks associated with this exception for

different formats, it was necessary to define different panel

which they had very little insight. With Control Compliance

views up front, or export the background data into a

Suite 11, they can now grant exceptions to select checks

spreadsheet and manually sort through it.

which make up the broader standard. This provides the

flexibility to meet the specific needs of their environment,

Enhanced Architecture

without having to accept unknown security risks.

Control Compliance Suite has long provided the flexibility to

assess an environment through agent-based or agentless data

Symantec Solutions for IT Risk and Compliance

gathering options. With this latest release, we provide even

Control Compliance Suite provides a solid framework on

greater flexibility by combining agent-based and agentless

which to build your IT Governance, Risk and Compliance

data gathering options into one data collection infrastructure

program. You can communicate IT risk in business-relevant

with a single console. This reduces the amount of

terms, prioritize remediation efforts based on risk, and

infrastructure needed for a deployment, and greatly simplifies

automate time-consuming manual processes to improve your

server configuration and management.

overall security and compliance posture.

For customers who have deployed an agentless model in their

Control Compliance Suite is a modular solution, comprising of

environment, this architectural enhancement allows them to

five key components which are fully interoperable and

cost-effectively take advantage of the increased reliability of

available separately or as part of the broader suite. Key

agent-based data gathering for critical or remote systems,

infrastructure capabilities available with all modules include a

without having to introduce additional data collectors.

unique and highly scalable data framework to normalize and

Conversely, customers using agent-based data gathering can

analyze large volumes of data, customizable Web-based

now easily deploy agentless architecture to handle systems

dashboards and reports, and workflow integration with

which are constantly moving on and off their network, such as

remediation ticketing systems.

dynamic server populations. Thanks to our unified platform,

Symantec Control Compliance Suite Risk Manager conveys

this can be done without having to deploy additional servers

the impact of IT risk in business-relevant terms. You can work

or deal with data coming from two different systems.

with business leaders to identify IT risk thresholds, assign

ownership and track risk reduction over time.

Evidence-Based Exceptions
Control Compliance Suite 11 features the ability to create

Symantec Control Compliance Suite P

Polic
olicyy Manager

evidence-based exceptions. This new feature allows you to

simplifies policy management with out-of-the-box policy

grant an exception based on a particular piece of evidence

content for multiple mandates, automatically mapped to

associated with a control rather than the entire control. By

controls and updated on a quarterly basis.

applying more granularity towards the exception process, you

Symantec Control Compliance Suite Standards Manager is

can significantly enhance your ability to manage IT risks.

an industry-leading configuration assessment solution,

Consider the following example. In order to comply with PCI,

designed to evaluate if systems are secured, configured, and

an organization needs to make a change to one of the firewall

patched according to standards.

settings for a given server. With previous versions of Control

Compliance Suite, they would have had to grant this exception
at the control level, resulting in the server being exempted
from all firewall requirements. This would have meant

Overview: IT Risk and Compliance

Whats New in Symantec Control Compliance Suite 11?
Symantec Control Compliance Suite V
Vulnerabilit
ulnerabilityy

More Information

Manager performs end-to-end vulnerability assessment of

Visit our website

Web applications, databases, servers and network devices,

www.symantec.com/ccs

delivering a single view of security threats across your IT

For information on training, visit

infrastructure.

http://www.symantec.com/business/

Symantec Control Compliance Suite Assessment Manager

theme.jsp?themeid=ccs_training

simplifies the evaluation of procedural controls governing

To speak with a Product Specialist in the U.S.

employee behavior, by providing automated Web-based

Call toll-free 1 (800) 745 6054

questionnaires which can also be used to drive security

To speak with a Product Specialist outside the U.S.

awareness training.

For specific country offices and contact numbers, please visit

our website.
About Symantec
Symantec is a global leader in providing security, storage, and
systems management solutions to help consumers and
organizations secure and manage their information-driven
world. Our software and services protect against more risks at
more points, more completely and efficiently, enabling
confidence wherever information is used or stored.
Headquartered in Mountain View, Calif., Symantec has
operations in 40 countries. More information is available at
www.symantec.com.
Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Disclaimer: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to
product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be
relied upon in making purchasing decisions. Copyright 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
21222202 01/12