McAfee has taken steps to integrate its vulnerability assessment and policy management products in a single suite to make it easier for enterprises to stay on top of compliance initiatives.
Total Protection for Compliance provides centralized reporting for audit and compliance purposes via ePolicy Orchestrator (ePO), the primary management console for a wide array of McAfee security products. It lets security managers combine audit and scanning results to generate reports for compliance initiatives such as the Payment Card Industry (PCI) guidelines, federal requirements such as FISMA, and the Center for Internet Security's best practices, says Bob Tesh, McAfee's group marketing manager.
McAfee's Vulnerability Manager and Policy Auditor products are included in Total Protection for Compliance.
"We've changed Vulnerability Manager, which performs agent-less policy assessments, so it's now looking for both the known good as well as the vulnerabilities," Tesh says.
Vulnerability Manager 6.7 (formerly Foundstone Enterprise) is now integrated with ePO so it can populate ePO with information about IT assets in order to generate compliance-related reports, Tesh notes.
Policy Auditor 5.0.1, McAfee's agent-based software that runs on desktops and servers, is also now sharing information with ePO that can be used to centralize automated compliance reporting.
Another new element in the Total Protection for Compliance suite is what McAfee is calling its Counter-Measure Aware Risk-Management Application (CARMA), which takes threat information produced by McAfee Avert labs to co-relate with any discovered vulnerabilities in IT assets.
While not intended for real-time analysis, the CARMA-generated reports with ePO give security managers details about where their systems may be vulnerable to new types of threats, and can help justify investment in endpoint security protection, Tesh said.
Total Protection for Compliance is priced based on the number of monitored IP addresses, ranging from US$100 to as low as $10 with 75,000 monitored assets.