I just found out that the Symantec Protection Center Enterprise platform is being discontinued and that Symantec isn't offering a replacement product. While support will continue for another three years, how quickly should we abandon the platform and what are our options?
As part of its "4.0" transformation strategy, Symantec Corp. is streamlining its portfolio to provide more integrated products. As a result, the company decided to retire Symantec Protection Center Enterprise (SPCE), though it is extending the support window to the end of 2016 for existing SPCE customers. Fortunately, nearly three years of support is long enough to plan a migration to another product. However, given the time it takes to assess, test and review alternatives, it is critical that SPCE customers begin the process now.
SPCE is a data collection and analytics platform that gathers data from multiple security products and, based on that data, provides reports and dashboard-style overviews of threats and IT risks. The analysis is business centric, which is ideal for explaining risks to senior management. Various metrics show the security of endpoints and reveal potential vulnerabilities and threats to enterprise servers. They can also provide a measure of the information security posture of an organization.
Protecting today's networks requires broad and deep visibility across the entire IT environment. Security analytics platforms that collect, monitor, analyze and report on information from complex and extended networks are a great aid in providing the visibility an enterprise needs to make informed decisions and better manage overall risk. Automated analysis of logs can not only expose threats and risks but also provide audit reports, while historic data can be used to check compliance against policies and regulatory requirements over time.
An SPCE alternative offered by Symantec is the Control Compliance Suite (CCS) Risk Manager. CCS has a similar architecture to SPCE in that it allows administrators to bring in and view data from other security systems. Symantec believes CCS offers greater risk calculation and visualization capabilities than SPCE along with the ability to create different views of IT risk for different audiences. Other products that provide this type of data collection to improve enterprise-wide visibility of the IT environment include LogRhythm, McAfee's Total Protection for Compliance and Lumension Compliance and IT Risk Management.
When moving from one security product to another, it is important to ensure that they can operate side by side during the transition period without compromising performance or security. Any product that provides a central collection point for information from multiple sources must also be able to work with the different operating systems and devices running on a network to truly assess their status. Always pilot a new product on non-mission-critical network segments to ensure it provides the functionality expected and to give administrators time to fine-tune configuration settings. As the main purpose of SPCE is to provide actionable reports, outputs from possible alternatives should be reviewed to ensure that they are comprehensive and meet specific requirements such as visualization with drilldown capabilities.
Do not overlook the importance of being able to output and present information in different ways. If stakeholders can clearly understand the security profile of their business, they are more likely to take any shortcomings seriously.