Symantec adds compliance features to ESM 6.0

The latest version of Symantec's Enterprise Security Manager comes with prepackaged "best practice" policies and compliance modules for a variety of regulatory regimes, as well as support for more operating systems.

Symantec Enterprise Security Manager (ESM) 6.0 is the latest edition of Symantec's vulnerability assessment and policy compliance tool and adds features to make it easier for IT administrators to compare their network's security against industry security benchmarks such as ISO (International Organisation for Standardisation) 17799, Symantec said.

ESM customers will receive preconfigured vulnerability checks that are based on broad industry standards such as ISO and the SANS Institute's Top 20 list of vulnerabilities, according to Mark Ungerman, director of product management at Symantec.

For companies concerned about complying with US federal government regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), ESM 6.0 comes with policies designed to test HIPAA-related mandates affecting the protection of confidential patient information.

For example, HIPAA policies might look at the management of account privileges or passwords on ESM-managed systems, Ungerman said.

That would allow health care organisations to assess which of their ESM-managed servers is in compliance.

For systems that are not in compliance, administrators could use the ESM interface to drill down and determine which HIPAA-related controls are not in place.

The packaged policies and regulatory compliance modules do not change the core ESM assessment technology, but make it easier for administrators to use ESM to benchmark their network's security, Ungerman said.

ESM does not include patch- or configuration-management features to patch security or compliance holes that have been identified.

However, Version 6.0 is more tightly integrated with Symantec's Security Management System. That means that non-compliance issues can now be routed to other Symantec products such as Incident Manager and used to create tasks for IT security staff, Ungerman said.

The tighter integration brings regulatory compliance issues in step with the way other software security vulnerabilities are handled, he added.

In an effort to give more options for customers with heterogeneous networking environments, the latest version of ESM also adds security and vulnerability checks for midrange servers such as Microsoft's Windows Server 2003 and IBM's iSeries server platforms.

ESM 6.0 is available immediately from Symantec resellers and distributors.

The ESM Manager software sells for around $2,394 (£1,416). ESM agent software ranges in price from $114 for an agent running on Windows or Unix workstations to $1,995 (£1,180) for an agent running on iSeries servers.

Paul Roberts writes for IDG News Service