The Symantec Workflow Business Practice team has developed process templates for Control Compliance Suite, Symantec EndPoint Protection, Data Loss Prevention, Critical System Protection, and the Symantec Management Platform. These templates provide additional value to our products by extending their capabilities and allowing for better integration with other information systems.
This template provides a “Best Practice” process for customer’s to remediate failed asset checks.
The main features of this template are…
Workflow integrates with CCS and starts a Workflow process for each failed asset check. The process walks the compliance team through the review, testing, and production implementation steps to fix the failure.
The ability to set a “Risk Score” threshold, which allows the customer to work on the highest risk checks first.
The ability to set a maximum work item amount. This helps customers “throttle” the amount of check failures that the compliance staff receive. This is important during the first few months of the implementation as the number of failures that are discovered by CCS can be quite high.
Audit reporting – Who, What, When. Customers can run process reports by Standard, Asset, Check, and Date Range. These reports can be provided to regulators and help avoid many of the challenges that can occur during an audit. Also, these reports add value by providing metrics for continuous process improvement.
Customers can take the base template and extend it to integrate with other systems as needed.
This template provides a “Best Practice” process for monitoring and remediating changes to Critical Files and AD Groups. This template can also be setup to monitor other critical security items (Database Access, MS Exchange Distribution Lists, File Shares, etc.).
The main features of this template are…
Workflow integrates with the CCS Risk Management System and starts a Workflow process when an RMS baseline query discovers changes in Active Directory or the File System. A task is created for the compliance group responsible for reviewing the baseline delta. The analyst will have the option to update the baseline with the newly discovered change or remediate the change.
Audit reporting – Who, What, When. Customers can run process reports by RMS query and Date Range. These reports can be provided to regulators and help avoid many of the challenges that can occur during an audit. Also, these reports add value by providing metrics for continuous process improvement.
Customers can take the base template and extend it to integrate with other systems as needed.
This template provides a “Best Practice” process for monitoring and remediating exploitable vulnerabilities.
The main features of this template are…
Workflow integrates with the CCS Vulnerability Management System and starts a Workflow process when an exploitable vulnerability is discovered. A task is created for the compliance group responsible for reviewing the exploits. The analyst will review the exploit and send it along through the remediation testing and production update processes.
Audit reporting – Who, What, When. Customers can run process reports by exploit, endpoint, date range, etc. These reports can be provided to regulators and help avoid many of the challenges that can occur during an audit. Also, these reports add value by providing metrics for continuous process improvement.
Customers can take the base template and extend it to integrate with other systems as needed.
This template provides a “Best Practice” process for monitoring CSP events.
The main features of this template are…
Using the Workflow console, the customer can select which CSP profiles they want Workflow to monitor.
Workflow integrates with the CSP event data and starts a remediation process for each monitored CSP event.
Audit reporting – Who, What, When. Customers can run process reports by Profile, Event, and Date Range. These reports can be provided to regulators and help avoid many of the challenges that can occur during an audit. Also, these reports add value by providing metrics for continuous process improvement.
Customers can take the base template and extend it to integrate with other systems as needed.
This template provides a “Best Practice” process to assist customers with managing DLP “Data At Rest” Network and Endpoint scan results. The substantial benefit this process provides is the moving of the work from a centralized DLP admin group out into the Business Units. By distributing the work, the amount of time it takes to get an environment compliant will be significantly reduced.
The main features of this template are…
Workflow automatically aggregates scan results by file owner. Workflow will send a link to an end user that will display a console with all of the files they own that are in breach of a DLP policy. This end user interface will allow the user to select files and take one of the three following actions…
• Delete the file
• Encrypt the file
• Quarantine the file
Audit reporting – Who, What, When. Customers can run process reports by DLP Policy, File Owner, and Date Range. These reports can be provided to regulators and help avoid many of the challenges that can occur during an audit. Also, these reports add value by providing metrics for continuous process improvement.
Customers can take the base template and extend it to integrate with other systems as needed.
This template provides a “Best Practice” process to assist customers with managing DLP Endpoint Lockdowns (aka SEP Host Integrity policies).
The main features of this template are…
If an endpoint violates a DLP policy, DLP, Workflow, and SNAC (SEP Host Integrity) are used to put the endpoint into a quarantined state. The Host Integrity policies that are triggered on the endpoint can vary based on how the process is configured.
Audit reporting – Who, What, When. Customers can run process reports that provide details and metrics for the process.
Customers can take the base template and extend it to integrate with other systems as needed.
This template provides a “Best Practice” process to assist customers with managing SEP endpoints.
The main features of this template are…
Endpoint updates and scans. When Workflow discovers an endpoint that has an unresolved alert in SEPM, Workflow automatically runs the SEP virus update process on the endpoint and initiates a targeted scan. The results of the scan are sent to the SEP admin when complete.
Routing Rules/Automatic assignment – A console has been created in Workflow that allows the SEP administrator to configure “Routing Rules”. These rules are then used to automatically assign SEP Alert, Host Integrity, or Old Definition tasks to the various groups responsible for remediating items that SEP discovers. Note – This process is only used when an item cannot be automatically remediated via automatic updates and scans.
Audit reporting – Who, What, When. Customers can run process reports by Group, Virus Type, and Date Range. These reports can be provided to regulators and help avoid many of the challenges that can occur during an audit. Also, these reports add value by providing metrics for continuous process improvement.
Customers can take the base template and extend it to integrate with other systems as needed.
This template converts email into a Workflow process, which adds the ability to have an Audit Trail, Escalations, Timeouts, etc. This is a very useful template; it allows you to focus on the email notifications that matter and filter out the noise. You get all the benefits of the Workflow framework added to the email notifications you're already familiar with.
