Symantec Adds Regulatory Compliance to Security Management Tool

Companies looking to get a handle on their Sarbanes-Oxley Act or Gramm-Leach-Bliley Act requirements may want to check out new capabilities available in Symantec‘s Enterprise Security Manager Version 6.1, which started shipping in late October. The latest release of ESM, which supports OS/400 and other major platforms, features 75 pre-configured policy assessment templates for helping users understand what they need to do to comply with new regulations.

Symantec Enterprise Security Manager is a security policy compliance program that provides centralized and automated analysis of organizations’ servers, databases, applications, networks, and security controls. The software performs more than 3,000 security checks and looks for unpatched vulnerabilities across Windows, Linux, AIX, Solaris, HP-UX, NetWare, and VMS operating systems, as well as Oracle databases on Unix systems and IBM UDB DB2 and Microsoft SQL Server databases on Windows systems.

With ESM 6.1, Symantec has partnered with Cognos for “pre-configured policy assessment templates” for performing security audits for several new regulatory standards. The capability lets users create impromptu reports quickly or use the report authoring tool for more advanced reports. There are also 75 predefined reports in ESM that show compliance state and trends, specific violations, and configuration changes on host systems. Reports can be automatically scheduled and delivered via e-mail or accessed through a new Web portal Symantec provides with this release. Symantec says the reports are suitable for consumption by executives as well as IT professionals.

Regulations covered by the new Cognos-powered reporting framework include Sarbanes-Oxley Section 404, HIPAA, GLBA, the Federal Information Security Management Act (FISMA NIST 800-53), and North American Electric Reliability Council reliability standards. Reports are also provided for ISO 17799, SANS Institute Top 20 Internet Security Vulnerabilities for Windows, Unix, and Linux systems, and Center for Internet Security CIS Benchmarks for Solaris vulnerabilities.

The ESM product suite bolsters data center security through its Windows-based ESM Console, its Windows- or Unix-based ESM Managers, and various ESM Agents that deploy to all supported platforms. The company obtained its OS/400 agent technology through an OEM partnership with English OS/400 security experts SafeStone Technologies.

ESM’s OS/400 agent technology provides expansive and in-depth analysis and reporting of OS/400 security settings. The agent includes 15 separate modules spread across three areas, including user account and authorization settings (with separate modules for account integrity, log-in parameters, and password strength); network settings (with separate modules for backup integrity, device integrity, network integrity, OS/400 patches, startup files, and various system settings); files and programs (with file access, file attributes, and query modules).

ESM is a component of Symantec’s overarching Security Management System, which allows users to correlate their security and regulatory compliance data from ESM with security event data gathered from firewalls, intrusion detection systems, and vulnerability assessment products.

Symantec sells ESM 6.1 by the component. Pricing for an ESM Manager starts at $2,000. The OS/400 Agent costs $1,695. For more information on Symantec’s enterprise security products, go to http://enterprisesecurity.symantec.com.