CA Move Takes on IT Risk, Security | eWeek

CA Move Takes on IT Risk, Security

Écrit par
Brian Prince
Brian Prince
Oct 5, 2007
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

CA took another step into the IT risk and compliance market Oct. 4 by unveiling two products—one still in beta—aimed at helping organizations meet business-critical governance, risk and compliance objectives.

CA Security Vulnerability Manager, now in beta, is the companys bid at ensuring organizations can identify vulnerabilities in software and configuration settings as part of an overall risk management strategy.

“CA SVM runs an asset inventory service on the host that provides the details of all software—down to release and patch levels—installed on that host,” said David Hurwitz, CAs chief marketing officer for its Clarity products. “It then correlates that asset data with our vulnerability database. Vulnerabilities can be identified in operating systems, applications, devices and databases.”

Scans can be set to run on a schedule or on demand from the management system, Hurwitz said.

“The outcome is a risk-prioritized task list that allows the security team to focus their remediation efforts on vulnerabilities that present the highest risk to their organization,” he said.

CA has a tool that fights zero-day exploits. Read more here.

CA also unveiled CA GRC Manager. Built on the companys Clarity PPM platform, the product combines project, resource and financial management capabilities into one system.

“It provides visibility into the resources needed for and the costs associated with compliance of a particular control and offers the ability to view all of this information in a single solution,” Hurwitz said.

CA is the only company to offer a visual portfolio-based approach to IT risk management, rather than the tabular-based approach offered by competitors that fails to provide customers with a singular view of the facts required to efficiently manage risk, he added. The approach will be integrated with CA SVM so information about controls related to system vulnerabilities can be passed to GRC Manager without having to be uploaded manually.

CA GRC Manager also allows users to align their IT risks and controls with specific corporate policies and regulatory and legal requirements. The product includes the Unified Compliance Framework, which maps a set of more than 4,000 control objectives to 280 standards and regulations including the Sarbanes-Oxley Act and PCI.

“Every organization knows that it has serious GRC [governance, risk and compliance] issues, but no organization has unlimited resources to devote to those issues,” said Richard Ptak, managing partner at Ptak, Noel & Associates, in a statement. “The tools that CA is providing to help managers maintain alignment between resource allocation and business risk are therefore extremely crucial to the success of its customers GRC initiatives.”

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.