Symantec Corp. this week outlined an "information integrity" strategy that users and analysts said addresses a growing need for a more holistic view of the operational and security risks facing companies.
But they added that whether the new approach succeeds will depend on how well Symantec, which is primarily known for its antivirus tools and firewalls, can execute on its wider vision.
As part of the initiative, Symantec will deliver products and services designed to give companies a full assessment of the risks and vulnerabilities they face and then enable them to act upon that information, said Enrique Salem, the Cupertino, Calif.-based company"s senior vice president of security.
For instance, a new version of Symantec"s Enterprise Security Manager software that was released this week can help companies identify compliance issues related to regulations such as the Sarbanes-Oxley and Gramm-Leach-Bliley acts, Salem said.
Similarly, other products will let companies capture snapshots of the operational state of their servers, PCs, applications and operating systems, as well as information about their configuration settings and patch levels. Some of those capabilities are available now, but more will be added in the future.
"It"s a model and a set of policies that CIOs can use to manage their environment," Salem said. "It stresses the concept of understanding your environment, acting on the information and controlling it."
Dave Jordan, chief information security officer for the Arlington County government in Virginia, said he thinks the idea makes sense for security managers. "Of course, some of this is just marketing, but it"s not all marketing," said Jordan, who is already a Symantec user.
At one level, Symantec"s new initiative is aimed at moving the company into new markets now that its core security tools business is saturated, Jordan said. But he added that the company"s strategy could meet the need for a management dashboard that gives an overall view of the operational and security landscapes inside companies.
Symantec"s road map "provides a framework to help guide us," said Shaun Catlin, a senior systems analyst at Atlanta-based law firm Ford & Harrison LLP. "It"s something that we knew needed to be done."
The alignment of information from the operational and security sides should give companies more control over possible risks, said Cory Ferengul, an analyst at Meta Group Inc. "What Symantec is saying is, "You can"t secure what you can"t control, and you can"t control what you don"t understand." "
Other vendors, such as IBM Corp. and Computer Associates International Inc., are making similar pitches, according to Ferengul. But, he added, "there"s a lot of maturing that has to happen" before all of the required information can be truly integrated.