Making Compliance Part of the 'IT DNA'
January 8, 2007
Summary
This article looks at meeting the requirements of a variety of technical standards, IT governance frameworks, and laws related to security and administration.
Introduction
For today’s enterprises, meeting the requirements of a variety of technical standards, IT governance frameworks, and laws related to security and administration has become a significant challenge. And as numerous industry experts have observed, the pressure to demonstrate compliance with such mandates will likely increase in 2007.
No one appreciates that better than Sandeep Kumar, the recently appointed Senior Director, Product Management, for Symantec’s Compliance and Security Management group. A 14-year software industry veteran, Kumar likens today’s compliance market to the security market of the mid-1990s.
“Security used to be an afterthought,” he says. “Companies built their networks and their IT infrastructure without very much thought of security. Once threats and vulnerabilities began to rise in the late ‘90s, the need for security was better understood. So security got bolted on, and today security is very much engrained in the IT fabric. I believe compliance is evolving the same way. In most cases, IT infrastructure, processes, and operations weren’t built with compliance in mind. But with an increasing regulatory environment, companies have had to adapt very quickly. So today compliance is bolted on, but in the near future policy compliance will become part of the IT DNA.”
Kumar makes the case that Symantec has a key role to play in educating enterprises about the importance of a good IT governance program.
“There is a fantastic opportunity ahead of us to provide our customers with a comprehensive solution set that can help reduce their cost and yet achieve an exceptionally high level of IT governance,” he says. “Symantec also has the industry’s richest content knowledgebase, which we will leverage to provide our customers with regulatory and technical standards content as well as global threat intelligence content within our products.”
What’s new in 2007
Kumar notes that Symantec offers the industry’s deepest portfolio of solutions to help enterprises define, control, and govern IT policy compliance. “These solutions provide proactive policy enforcement and remediation, automated content management, and a consolidated view of compliance to multiple standards, frameworks, and laws,” he says.
Recent and upcoming developments include:
- Symantec Security Information Manager: “We just released a major update to our Security Information Manager product line in December 2006,” Kumar says. “The SSIM 4.5 release is revolutionary in the sense that it provides a unified threat and log management product along with real-time compliance reporting. Both log archival and correlation performance have increased four times since the last release, and we can now process more than 12,000 events per second on a single appliance. The product supports over 110 third-party event collectors for perimeter security devices, enterprise middleware and applications, OS and database logs, endpoint security products, and access and identity management systems. In 2007, we will be delivering improved high-availability features, a Web-based portal, and asset and risk management features. We’re also working on a very innovative project that will elevate the product from security incident management to business operations and information incident management.”
- Symantec Control Compliance Suite: “On the CCS front, our engineering teams are working diligently on the Spring 2007 releases,” Kumar continues. “CCS 8.5 with Policy Module 8.5 will include entitlement reporting and attestation, dashboard enhancements, policy templates, and sample policies, among other features. We will also be introducing automated operational evidence collection from several Symantec products.”
- Symantec Enterprise Security Manager: “We also plan to release ESM 6.5.3, which will provide enhancements in reporting, manager scalability, and agent-manager encryption,” Kumar says.
But it’s the latter part of the year that really has Kumar excited.
“At the end of 2007 we will begin a phased rollout of a brand new architecture, built from the ground up,” he says. “This will provide the underpinning for converging our Enterprise Security Manager and Control Compliance Suite products. Symantec’s vision is to provide our customers with a platform and product portfolio that can serve as an IT governance foundation.”
A tall order, to be sure, but as Kumar is quick to point out: “Symantec today is leading the charge in the compliance space and has market-leading products. In 2007, we will further accelerate our momentum. Stay tuned!”




