Symantec Takes on IT Risk Assessment

Symantec's Control Compliance Suite stands to step up the automation in the enterprise risk assessment process.

Symantec is launching a new assault on the challenges surrounding enterprise IT risk management.

The company is planning a new version of its Control Compliance Suite with a number of new features designed to help enterprises automate the compliance process and make IT risk assessment more scalable for Symantec customers.

"We're also introducing new capabilities, for instance, risk assessment-the ability to quickly identify and remediate assets that are at highest risk," said Jitesh Chanchani, director of product management for Symantec's Compliance and Security Management business, in an interview with eWEEK. "What this does is, it lets you focus on the most critical assets based on the exposures that exist on the assets. It kind of gives you a way to prioritize how you want to fix the problem."

The company formally announced the product, which will be available in the fall, June 11 at its Vision conference in Las Vegas. At the same time, Symantec released SIM (Security Information Manager) 4.6, which will also be a module in Compliance Control 9.0. SIM 4.6 enables organizations to collect, store and analyze log data, as well as monitor, prioritize and respond to security incidents. The idea is to help security teams monitor risk to their IT assets in real time and meet compliance requirements, company officials said.

What Symantec wasn't able to do previously with Compliance Control is link corporate assets back to policies and rate them, said Suzanne Dickson, senior director of product marketing at Symantec.

"We're adding more risk capabilities in the products, so for example you can do a risk assessment survey, and what that helps you to do is look at what type of controls you need ... to manage risk, and from a governance perspective what that helps the customers do now is better align the business," she said at the Vision conference.