Driving a documented, repeatable process for responding to security breaches, threats and failures in IT Policy Compliance controls is the foundation of a strong governance model. The Symantec Security Information Manager provides the foundation for enabling a comprehensive incident response program by helping customers identify, prioritize, respond to and review incidents and threats in their environment.
Understanding security posture and meeting audit standards
Symantec Security Information Manager is a real-time security information management solution that collects, correlates, and stores event, vulnerability and compliance logs and documents the actions that your security staff takes to help keep your information systems secure. It provides compliance reporting that lets you and your auditors see, firsthand, the state of your security environment. These capabilities are crucial to helping your organization provide the accountability and transparency required to comply with stringent mandates and regulations.
Assessing threats and security issues
Symantec Security Information Manager allows you to identify the threats you are most vulnerable to and provides remediation steps to address those threats in real time. It will also classify threats and security issues as they occur based on the effect those events will have on your business environment.
Identity and access management
Symantec Security Information Manager can leverage information from existing security and compliance products to assist in monitoring identity and access activities. It can help organizations gain visibility into user access of systems and produce audit trails showing access and changes to critical applications and assets.
Log management and data retention
Mandates and regulations require organizations to collect, store, and analyze various types of logs to demonstrate that they are adequately protecting information and infrastructure. Symantec Security Information Manager enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT compliance requirements. Flexible archiving, querying and reporting provide organizations the means to manage logs from every source. Symantec Security Information Manager stores events in a collection of archive files within a specified location. The archive is implemented as a self-maintained module that monitors disk usage and the age of individual archive files. Based on policy, when a specified maximum disk space is reached or files approach their expiration date, the system deletes old archives to make room for new ones.
Incident management
Symantec Security Information Manager helps organizations to collect, store and analyze log and intelligence data in order to identify and respond to critical malicious activities after, during or even before they occur. By combining existing protection and prevention device and application data with external intelligence on malicious activities occurring globally, it can deliver comprehensive insight into what incidents are occurring or are most likely to occur.
Product Highlights
- Compliance and audit reporting
- Log retention and retrieval
- Real-time threat analysis
- Automated incident prioritization
- Incident remediation workflow