Symantec moves beyond security tools

Symantec has outlined an "information integrity" strategy that users and analysts said addresses a growing need for a more holistic view of the operational and security risks facing companies.

Download this free guide

Infographic: Future-proofing UK technology

The current potential of the UK technology industry is restricted by the lack of tech and digital talent available. Read through this challenge for the future of UK business and our economy.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

But they added that whether the new approach succeeds will depend on how well Symantec, which is primarily known for its anti-virus tools and firewalls, can execute on its wider vision.

As part of the initiative, Symantec will deliver products and services designed to give companies a full assessment of the risks and vulnerabilities they face and then enable them to act upon that information, said Enrique Salem, the company's senior vice-president of security.

For instance, a latest version of Symantec's Enterprise Security Manager software that was released this week can help companies identify compliance issues related to regulations such as the Sarbanes-Oxley, Salem said.

Similarly, other products will let companies capture snapshots of the operational state of their servers, PCs, applications and operating systems, as well as information about their configuration settings and patch levels. Some of those capabilities are available now, but more will be added in the future.

"It's a model and a set of policies that chief information officers can use to manage their environment," Salem said. "It stresses the concept of understanding your environment, acting on the information and controlling it."

Dave Jordan, chief information security officer for the Arlington County government in Virginia, said he thinks the idea makes sense for security managers.

At one level, Symantec's new initiative is aimed at moving the company into new markets now that its core security tools business is saturated, Jordan said. But he added that the company's strategy could meet the need for a management dashboard that gives an overall view of the operational and security landscapes inside companies.

Symantec's roadmap "provides a framework to help guide us", said Shaun Catlin, a senior systems analyst at law firm Ford & Harrison. "It's something that we knew needed to be done."

The alignment of information from the operational and security sides should give companies more control over possible risks, said Cory Ferengul, an analyst at Meta Group.

"What Symantec is saying is, 'You can't secure what you can't control, and you can't control what you don't understand.' "

Other suppliers, such as IBM and Computer Associates International, are making similar pitches, according to Ferengul. But, he added, "there's a lot of maturing that has to happen" before all of the required information can be truly integrated.

Jaikumar Vijayan writes for Computerworld