CA Move Takes on IT Risk, Security

CA pulls the covers off two products to help organizations manage risk and compliance.

CA took another step into the IT risk and compliance market Oct. 4 by unveiling two products—one still in beta—aimed at helping organizations meet business-critical governance, risk and compliance objectives.

CA Security Vulnerability Manager, now in beta, is the company's bid to ensure organizations can identify vulnerabilities in software and configuration settings as part of an overall risk management strategy.

"CA SVM runs an asset inventory service on the host that provides the details of all software—down to release and patch levels—installed on that host," said David Hurwitz, CA's chief marketing officer for its Clarity products. "It then correlates that asset data with our vulnerability database. Vulnerabilities can be identified in operating systems, applications, devices and databases."

Scans can be set to run on a schedule or on demand from the management system, Hurwitz said.

"The outcome is a risk-prioritized task list that allows the security team to focus their remediation efforts on vulnerabilities that present the highest risk to their organization," he said.


CA also unveiled CA GRC Manager. Built on the company's Clarity PPM platform, the product combines project, resource and financial management capabilities into one system.

"It provides visibility into the resources needed for and the costs associated with compliance of a particular control and offers the ability to view all of this information in a single solution," Hurwitz said.

CA is the only company to offer a visual portfolio-based approach to IT risk management, rather than the tabular-based approach offered by competitors that fails to provide customers with a singular view of the facts required to efficiently manage risk, he added. The approach will be integrated with CA SVM so information about controls related to system vulnerabilities can be passed to GRC Manager without having to be uploaded manually.

CA GRC Manager also allows users to align their IT risks and controls with specific corporate policies and regulatory and legal requirements. The product includes the Unified Compliance Framework, which maps a set of more than 4,000 control objectives to 280 standards and regulations including the Sarbanes-Oxley Act and PCI.

"Every organization knows that it has serious GRC [governance, risk and compliance] issues, but no organization has unlimited resources to devote to those issues," said Richard Ptak, managing partner at Ptak, Noel & Associates, in a statement. "The tools that CA is providing to help managers maintain alignment between resource allocation and business risk are therefore extremely crucial to the success of its customers' GRC initiatives."
