|
[IMAGE]
Symantec's Strengths
At first, we were a bit skeptical about the policy creation interface (not the prettiest interface we've ever seen), but using it to write policy was straightforward despite the initial awkwardness.
We were able to author policy, import existing policy from Microsoft Word documents and approve publication to the CCS Web portal. The tool supports a policy authorship workflow in much the same way Archer does, allowing us to defer publication until approval and to keep a recorded archive once a new version is created.
Surprisingly, we found ourselves missing the kind of stock policy supplied by Archer. Symantec has a number of sample policies (templates), but we found that importing our own policies or creating new policies from scratch using the policy import and creation tools took less time than customizing the templates.
One feature that really stood out was the flexibility provided to map policy to the compliance frameworks and regulations CCS provides. The mechanism is a mapping editor that's reminiscent of the relationship manager f...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
eature of Microsoft Access. Though it took us a while to figure out how to use it, the mapping editor provides tremendous flexibility in making connections between policy, framework and regulatory items. The ability to see these relationships visually had a definite "cool factor." Of course, while this is a flexible approach, it requires a bit of manual interaction to maintain. An enterprise seeking to make heavy use of the policy portion of this tool would require more ramp-up time to get ready for full deployment.
CCS is very strong on technical controls. The product ships with a large number of technical standards packs that can be used as a benchmark against which to compare devices that it is aware of. The standards packs draw on familiar source material, such as NSA configuration guides and the CIS configuration benchmarks.
The technical information-gathering feature supports a very large number of devices for remote profiling. CCS can use an agent or agentlessly retrieve data across a diverse range of platforms, such as various Windows versions and multiple flavors of Unix and Linux.
|
 |
|
