McAfee Revamps Security Risk Management Tools

By adding McAfee Foundstone Enterprise 5.0 and McAfee Preventsys Compliance Auditor and Risk Analyzer have been added to its risk management portfolio, the company is following up on a pledge to help firms automate the manually intensive process of preparing to report to security compliance auditors.

Businesses in the United States continue to struggle to meet the demands of regulations such as the Sarbanes-Oxley Act and HIPAA (the Health Insurance Portability and Accountability Act), which apply stringent data management guidelines to firms doing business in the financial services and health care industries, respectively.

McAfee says by using Foundstone Enterprise 5.0, which has its roots in the technologies acquired by McAfee in its $86 million buyout of Foundstone in 2004, customers will be able to more easily prioritize and rank important corporate data in order to identify their most critical security vulnerabilities.

By locating any weak points, organizations can determine how to allocate security resources where they are needed most, and reduce operating expenses, McAfee officials claim.

"Our enterprise customers are increasingly demanding an end-to-end consolidated view of vulnerability, configuration and compliance information that enables them to manage their security risk," said George Kurtz, senior vice president of risk management at McAfee, headquartered in Santa Clara, Calif. "Integrated risk management offerings are designed to provide customers with the means to successfully prioritize their risks, protect their critical assets and monitor their security compliance."

McAfee maintains that the demands of meeting compliance regulations have touched off a shift in the way that businesses purchase security technologies, placing more emphasis on the needs of business executives than on IT departments' choices. The software maker claims that this trend is moving the focus within enterprise companies from merely identifying vulnerabilities to trying to understand the impact of threats and configuration errors on corporate IT systems.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

McAfee said Foundstone Enterprise 5.0 allows users to conduct advanced security and compliance scans of Unix systems, including recent versions of Red Hat Enterprise, Solaris and AIX. The system also offers integration with third-party applications, including BMC's Remedy service, to automate patch management activities.

The Foundstone package works in conjunction with McAfee's Preventsys Compliance Auditor to provide policy compliance reporting capabilities. Customers can now take data from the system and link it with corporate security policies and standards to ensure compliance with those guidelines, the company said.

The Preventsys Compliance Auditor offers centralized auditing and reporting for all elements of regulatory enforcement, from policy to execution. The Risk Analyzer portion of the package promises to consolidate and analyze security data from disparate IT systems in order to reduce the time it takes to get a clear picture of security risks and compliance issues.

"The rising importance of risk management and government regulations are driving organizations to implement solutions which offer a holistic view of their security status and compliance standing," Charles Kolodgy, research director at IDC, in Framingham, Mass., wrote in a report. "As IT infrastructures become more complex, security managers need to prioritize their security to protect the most critical assets."

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.