News

BindView to Update Compliance Tracking Tool

• By Stuart J. Johnston
• August 17, 2005

Compliance Center 2.1 adds improved support for Microsoft SQL Server and Exchange Server, as well as for Oracle databases. The product is designed to gather and analyze compliance data from corporate systems, and let administrators define policies, manage compliance, and demonstrate “due care” for security audits.

Driven by a recent plague of large-scale identity theft incidents, questions regarding how to meet regulatory compliance have begun to loom large within most IT departments – especially as laws like Sarbanes-Oxley, HIPAA and others take hold.

The package aims to help companies figure out if they are in compliance with regulations by comparing their configurations against a knowledge base of detailed information on Sarbanes-Oxley, HIPPA and other laws, as well as against governance frameworks such as ISO17799 and NIST SP800-53. It also integrates with existing help desk systems, including Remedy and HP ServiceDesk, generating remediation assignments automatically for IT operations based on criticality and re-evaluates out-of-compliance systems to confirm that tasks are completed.

“Compliance Center answers the question of what identity controls they need to have in place [by providing] an automated tool that gathers the information and rolls it up into a repository,” says Indy Chakrabarti, product manager for Compliance Center.

In previous releases, the ability to correlate information against regulatory requirements was limited to operating systems. In 2.1, that ability has now been extended to include views of Oracle and Microsoft SQL Server databases as well as Exchange, giving organizations the ability to translate regulatory mandates into specific IT security controls that can be documented and enforced, the company says.

The new release also adds support for automated patch updates from Shavlik to ensure organizations are supplied with the most current patches. It also features the ability to limit modification access to data, while enabling read-only reviews of executive-level reports to help auditors verify the authenticity of report content.

In addition, 2.1 provides new ease-of-use features for building custom templates based on established third-party standards or internally defined policies. It also maps actionable IT security controls directly to regulations, thus providing IT professionals, corporate executives and auditors with a single view into an organization’s combined security compliance posture.

“Most [compliance] products have focused on the technical aspects of vulnerabilities – this adds information around the business part of the problem,” says Chris Smith, BindView’s vice president of field marketing.

Compliance Center 2.1 will cost $200 per managed server.