McAfee unveiled two new offerings as part of its security risk management portfolio. McAfee Foundstone Enterprise 5.0, a comprehensive priority-based vulnerability management solution, and McAfee Preventsys Compliance Auditor and Risk Analyzer both allow companies to automate the manually intensive process of reporting security compliance.
With McAfee Foundstone Enterprise 5.0, companies can easily prioritise and rank their highest-value business assets then identify their most critical security vulnerabilities and the threats, which could exploit them. This information allows organisations to more effectively respond to their most significant issues by deploying the proper resources where they are needed most. Through Foundstone 5.0´s automated reporting, enterprises are also able to reduce IT operating expenses and achieve real-time metrics to better mitigate their security risk.
More than ever, IT departments are being forced to align their buying decisions with executive-driven business objectives. The merging of compliance with risk management at the enterprise level is shifting the focus from just identifying vulnerabilities and configuration holes to understanding the total impact of threats, vulnerabilities, and configuration errors on critical assets.
The McAfee Foundstone Enterprise 5.0 release supports this change by providing customers with advanced credential-based scans of UNIX systems, including recent versions of Red Hat Enterprise, Solaris and AIX. This in-depth assessment provides customers with a better understanding of their total vulnerabilities so they can reduce their risk and get a detailed view of their risk posture. The two-way SNMP communication feature helps customers automate operational processes by providing complete integration with third-party applications, like BMC Remedy, to simplify patch management activities and ensure closed loop remediation.
McAfee Foundstone works in conjunction with McAfee Preventsys Compliance Auditor to provide advanced policy compliance reporting capabilities. Customers can now take in Foundstone data and “link” corporate security policies and standards to specific Foundstone checks to ensure business policy objectives are being adhered to across the network. McAfee Preventsys Compliance Auditor supports centralised auditing across all aspects of policy: process, procedure and technical controls, which provides a consistent way to reduce the costs associated with demonstrating security compliance.
To further address compliance needs, McAfee Preventsys Risk Analyzer consolidates and analyses security data from multi-vendor sources, greatly reducing the time it takes to get a clear, prioritised picture of security risks, compliance issues, and monitor changes to an organisation´s risk score.