Florida taps Symantec for security tools

Florida State Technology Office

Already quite proactive in cybersecurity, Florida's state government is using two Symantec Corp. software tools to beef up its enterprise network security, according to company officials.

NetRecon is a vulnerability assessment tool, which Tom Resau, Symantec's public sector spokesman, described as a "hacker in a box" that scans, analyzes, and reports security holes in the network.

The second tool is the Enterprise Security Manager (ESM), which is essentially a policy compliance tool that constantly assesses a network's performance based on the organization's security policies, he said.

Brian Finan, the company's strategic programs and homeland security director, said Symantec's recently released Internet security threat report showed that about 2,524 new information technology product vulnerabilities were discovered in 2002, about 81.5 percent higher than in 2001.

He also said the ESM tool would ensure that an organization's policies —such as how often passwords are changed or the length of passwords — are followed. It provides a baseline for every system and then automates repetitive operations to ensure those policies are being enforced. He said both tools are generally used in tandem to give a government or other organization a high-level security view.

"Given our large network environment supporting agencies across the state, holding systems to policy is crucial for preventing weaknesses that could result in compromised systems during a network attack," said state Chief Information Officer Kimberly Bahrami in a statement.

The state is also using a Symantec application module that allows agencies to automate and centralize security policy management and assessments in accordance with the Health Insurance Portability and Accountability Act, a federal law that ensures the privacy and security of individuals' electronic health information.

Security companies, said Finan, need to provide more education and training awareness about increasing threats and vulnerabilities. Cutbacks in funding resources, he said, impact an organization's ability to shore up security even if it has cybersecurity policies. Combining products or ones with greater capabilities can reduce costs, he said.

Florida began working on its cybersecurity problem in 1999, and then created the Office of Information Security, a unit of the state technology office, two years later. The state takes a proactive statewide approach to security, including using another third-party vendor to handle statewide security audits. The model does not allow any agency to be exempt and includes possible reprimands for noncompliance.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.