McAfee, RSA announce joint compliance and risk management solution

McAfee and RSA, The Security Division of EMC (NYSE: EMC) today announced a new joint solution based on their existing technology partnership.  This joint solution integrates security data from the McAfee® ePolicy Orchestrator® platform (McAfee ePO™) with business infrastructure and compliance data in the RSA® ArcherTM eGRC Platform and the RSA Archer Enterprise Management solution.  By connecting this data, customers can better leverage business information together with security data to gain a deeper understanding of risk and compliance issues.
 
“The McAfee and RSA solution provides greater visibility into the state of security and compliance across the enterprise infrastructure and enables a more comprehensive understanding of the business’ risk and compliance posture,” said Dave Anderson, senior director of Security Management at McAfee.  “The integration allows organizations to utilize McAfee security management products to manage system level security while also incorporating data and findings from those products into their risk and compliance management processes within the RSA Archer eGRC Platform.” 
 
“Both IT and security organizations are facing challenges today managing a myriad of tools and data that help them protect and keep the business up and running,” said David Walter, senior director of RSA, The Security Division of EMC.  “This integrated offering provides customers the opportunity to improve IT-GRC programs with information from security management processes. The Archer eGRC platform understands business criticality – adding this enables customers to prioritize the issues being documented in McAfee ePO against their business objectives.  This enables better business decisions about where resources are placed, resulting in an effective risk-based way to respond quickly to new threats, address program deficiencies and reduce vulnerabilities across all domains and lines of business in the enterprise.”
 
McAfee and RSA are delivering on a technology partnership announced earlier this year.  The two industry leaders now offer integrated solutions designed to help customers address complex security challenges, lower risk, improve compliance, and ensure data security across the IT infrastructure.
 
RSA Archer Enterprise Management is engineered to provide a central repository of information on enterprise’s business hierarchy and operational infrastructure. This web-based solution allows enterprises to develop an aggregate view of organizational divisions, determine the criticality of supporting technologies, and use that information in the context of eGRC processes.  McAfee ePO enables organizations to centrally manage their enterprise security posture through an open framework that unifies security management for systems, applications, networks, data, and compliance solutions.

The integrated solution between the RSA Archer eGRC Platform and ePolicy Orchestrator software and other McAfee security management products includes the following capabilities:

· The integration can populate the devices application within RSA Archer with systems in the infrastructure being managed by McAfee ePO. This ongoing synchronization helps ensure that device/platform level information is consistent between GRC processes and IT operations.

· Within the Devices application in the RSA Archer eGRC platform, customers can gain visibility into ownership and relationship to business processes and applications for a better understanding of the criticality of the issues captured from ePO and the appropriate accountability to ensure proper and timely response. 

McAfee® VirusScan® Enterprise software, McAfee® Host Intrusion Prevention, McAfee® Vulnerability Manager, McAfee® Policy Auditor and McAfee® Risk Advisor products all provide additional device level information within McAfee ePolicy Orchestrator software to better define the current device level security within RSA Archer.  Each product adds additional reporting data as well as insight into the current state of security within the infrastructure.

Risk and compliance calculations and reporting can be based on the data coming from McAfee Risk Advisor and improve overall visibility of the current security risk and holistic visibility of how that device's security risk impacts overall business performance.