McAfee and RSA have launched a joint solution to integrate security and compliance data in order to offer a deeper understanding of risk and compliance issues.

According to the companies, by linking McAfee's ePolicy Orchestrator platform with business infrastructure and compliance data in the RSA Archer eGRC Platform and the Archer Enterprise Management solution, this will correlate device-level security risks with overall impacts on business performance.

Dave Anderson, senior director of security management at McAfee, said: “The McAfee and RSA solution provides greater visibility into the state of security and compliance across the enterprise infrastructure and enables a more comprehensive understanding of the business's risk and compliance (GRC) posture.

“The integration allows organisations to utilise McAfee security management products to manage system level security while also incorporating data and findings from those products into their risk and compliance management processes within the RSA Archer eGRC Platform.”

They said that the integration will allow risk and compliance calculations to be based on data coming from the McAfee Risk Advisor and allow for overall visibility of the current security risk and holistic visibility to be viewed.

They also said that the integration can populate the devices application within Archer with systems in the infrastructure being managed by the ePolicy Orchestrator to help ensure that device/platform-level information is consistent between governance, risk and compliance processes and IT operations.

David Walter, senior director of RSA, said: “This integrated offering provides customers with the opportunity to improve IT-GRC programs with information from security management processes. The Archer eGRC platform understands business criticality, and adding this enables customers to prioritise the issues being documented in McAfee ePO against their business objectives.

“This enables better business decisions about where resources are placed, resulting in an effective risk-based way to respond quickly to new threats, address program deficiencies and reduce vulnerabilities across all domains and lines of business in the enterprise.”