Symantec launched version 6.5 of its Enterprise Security Manager (ESM) yesterday, which features a tweaked user interface that provides details on where and why IT systems fail.
Jeffrey Hoo, Symantec services and management field director, said the upgrade offers automated information on how each transaction fails to meet compliance and suggests how to remedy the situation. This lets enterprises better comply with corporate accounting procedures and financial transaction standards like Basel II, whereas the previous version only included a checklist for whether a particular transaction complied.
Hoo said ESM 6.5 is a tool to discover necessary information, not a complete vulnerability assessment; however, when the two are used in conjunction, it makes managing risk in an organization much more effective than just complying.
"The automated compliance process makes the compliance task for companies and banks much easier. Another area ESM 6.5 focuses on is performance in the way it updates from Symantec Live Update; in the past, when you wanted to check on a system for new updates, Live Update used to check all content; now it just downloads what is appropriate," Hoo said.
"ESM can be used with Security Information Manager to prioritize incidents and alerts and inform a risk manager.
"Banks spend a lot of time looking at processes and policies required for regulatory compliance, and look to technology to help them define rules and responses, and ESM 6.5 lets them write their own policies on top of the regulations supplied as templates in the product."
ESM 6.5 offers pre-configured policy assessment templates for Sarbanes-Oxley, as well as best-practice security policies ISO17799/2005, Basel II, the SANS Top 20 and Centre for Internet Security (CIS) benchmarks. It also meets the requirements of a number of US acts such as the Federal Information Security Management Act and the Gramm-Leach-Bliley Act (which protects consumer financial information held by financial institutions).