McAfee Revamps Security Risk Management ToolsBy Matt Hines | Posted 2006-08-07 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The security applications specialist introduces two new packages to help companies with network security and compliance.McAfee expanded its array of compliance automation applications on Aug. 7, launching two new software offerings that promise to help companies test and report on their ability to fall in line with federal data security regulations.
By adding McAfee Foundstone Enterprise 5.0 and McAfee Preventsys Compliance Auditor and Risk Analyzer have been added to its risk management portfolio, the company is following up on a pledge to help firms automate the manually intensive process of preparing to report to security compliance auditors.
Businesses in the United States continue to struggle to meet the demands of regulations such as the Sarbanes-Oxley Act and HIPAA (the Health Insurance Portability and Accountability Act), which apply stringent data management guidelines to firms doing business in the financial services and health care industries, respectively.
"Our enterprise customers are increasingly demanding an end-to-end consolidated view of vulnerability, configuration and compliance information that enables them to manage their security risk," said George Kurtz, senior vice president of risk management at McAfee, headquartered in Santa Clara, Calif. "Integrated risk management offerings are designed to provide customers with the means to successfully prioritize their risks, protect their critical assets and monitor their security compliance."
McAfee maintains that the demands of meeting compliance regulations have touched off a shift in the way that businesses purchase security technologies, placing more emphasis on the needs of business executives than on IT departments' choices. The software maker claims that this trend is moving the focus within enterprise companies from merely identifying vulnerabilities to trying to understand the impact of threats and configuration errors on corporate IT systems.
McAfee said Foundstone Enterprise 5.0 allows users to conduct advanced security and compliance scans of Unix systems, including recent versions of Red Hat Enterprise, Solaris and AIX. The system also offers integration with third-party applications, including BMC's Remedy service, to automate patch management activities.
The Foundstone package works in conjunction with McAfee's Preventsys Compliance Auditor to provide policy compliance reporting capabilities. Customers can now take data from the system and link it with corporate security policies and standards to ensure compliance with those guidelines, the company said.
The Preventsys Compliance Auditor offers centralized auditing and reporting for all elements of regulatory enforcement, from policy to execution. The Risk Analyzer portion of the package promises to consolidate and analyze security data from disparate IT systems in order to reduce the time it takes to get a clear picture of security risks and compliance issues.
"The rising importance of risk management and government regulations are driving organizations to implement solutions which offer a holistic view of their security status and compliance standing," Charles Kolodgy, research director at IDC, in Framingham, Mass., wrote in a report. "As IT infrastructures become more complex, security managers need to prioritize their security to protect the most critical assets."
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.