Symantec Introduces Centralized, Open Information Security Management

Business Wire, Oct 1, 2002

Business Editors/High-Tech Writers

CUPERTINO, Calif.--(BUSINESS WIRE)--Oct. 1, 2002

The Symantec Security Management System Provides a Comprehensive View of Security, Enabling Proactive Defense and Real-Time Enterprise-Wide Response

Symantec Corp. (Nasdaq:SYMC), the world leader in Internet security, today announced the Symantec Security Management System, a comprehensive set of management applications that improves the effectiveness of the information security environment by delivering proactive control of the security infrastructure and correlated information for better decision-making.

"The primary challenges our customers face are managing their complex security infrastructure and the overwhelming data flow created by all the security devices they've deployed," said Gail Hamilton, executive vice president, Symantec Corp. "Symantec's approach is to provide open policy and incident management capabilities that allow users to proactively secure their network against known threats and to respond in real-time against new attacks."

The Need for A Comprehensive View of Security Posture

Managing enterprise security today is a difficult process, delivered through a combination of disparate commercial products from different vendors lacking integration and interoperability. The result is a high degree of complexity and increased operational costs, and reliance on isolated security data to make critical security decisions. For a majority of enterprises, the outcome is a weak security risk profile -- an insecure business infrastructure, incomplete regulation compliance, security audit failures and soaring security management costs -- that is not in line with business requirements.

Making it more difficult, protection products throughout the enterprise scan systems and network traffic and send messages on every suspicious activity. Each message is termed a security event, and nearly 10 million occur each month in organizations of even moderate size. An event may be anything from a malformed or over-length network packet, potentially indicating a buffer-overflow attack, to a failed login on a computer that may be critical or relatively insignificant. Taken individually, it is difficult to determine if a given event indicates trouble or not.

An incident is an event or condition that requires a response and closure. Active attacks or virus outbreaks are incidents that are usually comprised of one or more events. Known system vulnerabilities or discovered policy violations should also be treated as incidents that require a response. However, the challenge is sorting through the millions of events to find the incidents in time to take action.

"The biggest challenge we face on a day-to-day basis is the volume of events on our network," said Phil Tyler, operational security consultant, Avnet. "The components of the Symantec Security Management System that we've deployed position us for a complete view of our security posture in real time, in one console, so that we can react quickly and effectively to actual security alerts."

Today's CIOs and CISOs are also under intense pressure when it comes to security. In addition to higher expectations from customers, investors and the general public with regard to regulatory requirements, legal liability and fiduciary responsibility, the increased complexity and number of attacks are causing greater damage. These pressures drive the need for a comprehensive approach to security management.

About The Symantec Security Management System

The Symantec Security Management System helps CIOs and CISOs answer questions such as "How secure am I?", "Where should I focus my resources?" and "Am I doing everything I can to protect my enterprise?" The Symantec Security Management System is comprised of multiple components for customers to select and deploy the right set of security management applications unique to their individual business objectives.

The three key components of the Symantec Security Management System are Symantec Event Managers, Symantec Incident Manager and Symantec ESM for policy compliance.

Symantec Event Managers

For enterprise customers who want a complete view of security events for just a specific area of protection, Symantec introduces Symantec Event Manager for Anti-Virus and Symantec Event Manager for Firewall. These Event Managers consolidate data from Symantec's and other vendors' protection solutions to provide the customer with a complete view of virus and firewall events. Customers can collect data from third-party vendor security products including Network Associates antivirus data and Check Point firewalls. Additional event collectors are expected to be available in the December quarter.

Symantec is working with third-party vendors to create collectors through a partner program, to be formally announced in the first quarter of 2003. Early adopters of this program currently include TippingPoint, which develops active network-defense systems, and Entercept, which develops intrusion prevention software. TippingPoint and Entercept are scheduled to make event collectors for their products available in the December 2002 quarter. (See separate Partner Release, October 1.)

 


Content provided in partnership with Thompson Gale