McAfee Governance, Risk and Compliance Business Unit

The security vendor has big plans for the IT governance, risk and compliance space, and has created a new business unit to help push its suite deeper into the market.

SAN FRANCISCO - McAfee officials elaborated on their plan to put a greater emphasis on IT governance, risk and compliance April 9 at the RSA Conference here.

The security vendor's recently established Risk and Compliance Business Unit allows the company to focus on integrating and adding products and services to its GRC portfolio - starting with the release of McAfee Vulnerability Manager 6.5.

Vulnerability Manager 6.5, which supports Windows and Unix systems, includes agent-less scanning to assist in policy compliance audits and is meant to help companies meet the requirements for compliance reporting mandated by both regulatory and industry standards.

The company hopes to replicate the success of its TOPS (Total Protection Suite), said George Kurtz, senior vice president and head of the Risk and Compliance Business Unit at McAfee. Ultimately, the goal is to build a technology suite that can gather security configuration and vulnerability information from anything on the network, from the operating system to the database to the application, he said.

"This business unit allows us to operate a lot faster - kind of like a start-up within McAfee - and drive a lot of innovation in these products," Kurtz said April 9 in an interview with eWEEK at the conference.

Foundstone in New Packaging

Vulnerability Manager is a re-branded version of McAfee Foundstone Enterprise. The IT GRC suite is rounded out by McAfee Remediation Manager, Risk and Compliance Manager, Policy Auditor and the Foundstone On-Demand Service. Version 5.0 of Policy Auditor is due to be released at the end of the quarter and will be integrated with ePO (ePolicy Orchestrator), Kurtz said. The other products will eventually be integrated into ePO as well, he added.

"What we've seen in the industry [is] our customers have problems dealing with multiple consoles and multiple policy engines, whether it's network or agent-based," he said. "So now because of our technology...what we're actually doing is we're unifying them together. So in one place you'll be able to set policy and the system will...actually go out and behind the scenes perform a policy audit, come back and be able to report on that without you having to log into two different consoles and configure two different systems."

As McAfee integrates the products into ePO in the name of better management, it will also look to acquire technologies that can be used to gather more information across the whole stack - from the network to applications - as well as bolster its GRC and policy-compliance capabilities, Kurtz said.

"We have a very strong product portfolio...and we are looking to round that out," he said.