Symantec Control Compliance Suite v11
June 03, 2013
Cost varies depending on a number of variables, including the size of the environment, and the number of assets, platforms and users
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Dynamic dashboards; pivot-based reporting; full integration between managers
- Weaknesses: Licensing model; support is costly
- Verdict: Well integrated, full-featured, all-encompassing GRC platform
Symantec Control Compliance Suite (CCS) automates key IT risk and compliance management tasks. It is an integrated solution comprising several different modules, including vulnerability, security, risk, policy, assessment and vendor risk management. Users can deploy a combination of these modules to meet business objectives.
The CCS risk approach includes a definition of a business asset that one wants to manage, understand the IT risk for this asset, prioritise remediation based on IT risk, and then monitor risk reduction over time.
Risk Manager is a new module that allows users to create a view of IT risk as it relates to a business asset - whether that is a business process, group or function. This piece provides the ability to define a virtual business asset that one can manage from an IT risk perspective. By grouping together all of the IT ingredients associated with one's virtual business asset, the user can manage the composite risk associated with it. Risk can then be determined from assessment-driven results and vulnerability information.
The Policy Manager helps one plan for internal and external audits using more than 150 customisable policy templates, all mapped to centralised controls. Policy lifecycle management and policy-attestation tracking are all built into the module.
The Assessment Manager delivers out-of-the-box content for multiple regulations, frameworks and best practices. Its content is based on an Oval model. Symantec also delivers content based on its own team.
Vulnerability Manager delivers end-to-end vulnerability assessment of web functions, databases, servers and other network devices.
Additionally, CCS natively gathers security configuration data from server, database and application platforms. Data can also be consumed from external asset systems, including Active Directory, Altiris and other configuration management databases. Third-party assessment data is ingested through External Data Integration and Connectors using comma-separated values, open database connectivity or web service connectivity. Advanced risk scoring allows users to differentiate between real and potential threats, ensuring the most critical and exploitable vulnerabilities are given priority when it comes to remediation efforts.
A dynamic dashboard and reporting are updated in this release - and are well done. Risk and compliance scores roll up neatly, and the ability to move right from reporting into remediation workflows, controls review and risk-scoring detail helps every level of user. The data framework and extensive controls library provide a normalised view of one's data, and the analytics capabilities deliver valuable information to the reports and dashboards. One can move right from graphical views directly into the pivot-based detail, making it simple to research or interrogate the information.
No base support is included with the product. There are basic and essential assistance options available for purchase at 23 and 28 per cent of the manufacturer's suggested retail price. Support options are accessible via phone, email or web.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry