by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2014
organization that they re all con- cerned about ... and taking that infor- mation and marrying it with infor- mation from another silo, like asset management, so that if you integrate that data, you get a better view of what s going on in your IT system, better situational awareness, and it allows you to take action on what you re seeing," Durbin said. Symantec also added user produc- tivity and protection to the technology because if users aren t productive and protected, it will be hard to accom- plish the other two goals, he added. The new offerings in the user pro- ductivity and protection segment incorporate Norton 360, Mobile Security and Data Services; endpoint protection and encryption; enterprise mobility; and user authentication. Under information security, it pro- vides managed security services by monitoring the logs of a multitude of companies and entities to alert them to potential events. Also part of this is the Control Compliance Suite, products that capture data from the sensor network and use it to show compliance or initiate action on noncompliant pieces. This focus area also addresses insider threats through, for instance, data-loss pre- vention, and critical system protec- tion by locking down the system and hardening it so managers know what it can and can t do. "When people think of continuous monitoring and cybersecurity, I think most of the press goes to information security, and I think that s kind of a misplaced belief because we all know that it s a matter of when, not if, that a security event is going to take place," Durbin said. "If we believe that that s the case, then we need to be prepared to recover from that event." That s where information manage- ment comes in. It involves storage to keep access to data highly available. It uses Symantec NetBackup, Backup Exec and Enterprise Vault, which archives data off the system but still allows access to it. "The secret sauce, if you will, to Symantec is what we call our threat intelligence or our global informa- tion network," Durbin said. The company monitors 13.8 billion files, 21.3 billion URLs data from sensors worldwide. Its products work with Symantec sensors and those from other manufacturers as well. "We are gathering an unsurpassed amount of unique threat intelli- gence," he said. "Nobody has access to the same threat intelligence Symantec has because it s our data coming from our sensors in our net- works. This information is culled together and analyzed by very smart people on our team and others to develop patterns and to be able to feed and fuel and inform our other Symantec products." Scan Once, Assess Many' A 2011 mandate related to the Federal Information Security Management Act of 2002 requires all federal agencies to perform continu- ous monitoring, but continuous moni- toring is not happening only at the federal level. Many states have adopt- ed the National Institute of Standards and Technology 800-53 risk level in addition to risk management frame- work processes, law enforcement monitors to FBI s Criminal Justice Information Services, health monitors to the Health Insurance Portability and Accountability Act, and retailers monitor to PCI. To further clutter compliance, enti- ties could be monitoring according to multiple standards. For instance, a government agency that does trans- actions by credit cards could also be using PCI. Symantec s solution includes the Control Compliance suite, which is mapped to all of these standards so that sensor-collected data can be automatically checked against them. "We have a process we like to call 'Scan Once, Assess Many especially in environments like the states where they do have multiple frameworks and multiple control sets that they have to comply and report against," Durbin said. "We should be moving away from checkbox compliance." --- Ken Durbin, manager of the Continuous Monitoring Practice at Symantec SPONSORED CONTENT SPONSORED BY: For more information please go to Symantec's Continuous Monitoring Approach or contact Ken Durbin, Symantec's Continuous Monitoring Practice Manager.