Global security vendor Symantec has been pondering this issue. Agility is often about Q&D (quick and dirty) instead of R&D – the traditional taking of small steps, retaining base principals, and pausing to see what has changed.
It has beefed up its Control Compliance Suite (CCS) to cover agility, yet not “throw the agile baby out with the bathwater".
Symantec Control Compliance Suite (CCS) is a compliance and security assessment solution that provides users with the ability to run security and compliance assessments on their environment (public, private, and physical) across servers, endpoints, and critical network infrastructure. Using Symantec CCS, organisations can report on their compliance posture against industry best practices and key mandates like Payment Card Industry, International Organisation for Standardisation, National Institute of Standards and Technology, and many others.
“The latest version of Symantec CCS enables enterprises to change the game from compliance as a cost, to compliance as a differentiator and an enabler to an agile enterprise,” said Vishal Gupta, vice-president of management and compliance, Symantec. “Innovative capabilities like Scripting and Command Line Interface automation will enable our customers and partners to open and extend the CCS platform both for their security and operational needs.”
With the new Symantec Control Compliance Suite, companies can adopt agile compliance methodologies into their day-to-day operations to increase confidence in their provisioning and remediation process. Key new capabilities include:
- Command Line Interface option enables users to drive micro compliance assessment jobs. This new feature allows organisations to automatically run scans in CCS whenever necessary, generate results and ensure that the right fix to a flagged issue or misconfiguration was implemented.
- Custom scripting enables customers to create customised standards and benchmarks that best fit their organisation’s existing supported platforms and extend it to new non-supported platforms.
- Support for assessing secure configuration of Cisco routers and switches for added network layer scan capabilities.
- Integration with CyberArk Application Identity Manager simplifies credential management within CCS for authenticated scans.
“With the introduction of custom scripting in Symantec CCS, customers that have already invested in the personnel and process to create and maintain a robust script library for data collection can now leverage that investment directly in CCS,” said Jason Eberhardt, vice-president, Conventus.
Conversely, customers who do not have the in-house expertise to develop and maintain data collection scripts or are still using manual processes for data collection can still utilise the built-in technical check builder that has always been a core feature of the CCS.
Realistically, most companies will probably choose a hybrid strategy using both scripts and CCS-built technical checks to varying degrees, but the key is that Symantec has now given the customer the choice of how they want to collect their configuration and compliance data.