CA Doubles Down on Security Management with New Solutions to Manage the Identity Lifecycle, Secure Data and Manage Security Information

Breadth of Offerings Helps Improve Information Security, Confirm Compliance and Speed Time-to-Value in an Identity Management Deployment

ISLANDIA, N.Y.– CA, Inc. (NASDAQ: CA) today announced three security products to help strengthen information security and drive faster time-to-value in an identity management deployment, while helping to reduce the risk of security breaches and confirm compliance. The products include CA Enterprise Log Manager, a new product developed by CA for managing security information; CA Role & Compliance Manager, a new release of an acquired Eurekify product to help manage the identity lifecycle; and CA DLP, a data loss prevention solution that identifies sensitive data and information throughout the enterprise and helps protect it from loss and misuse. Today’s news builds on CA’s strategy to offer Security Management solutions that are integrated with one of the most comprehensive IT management portfolios in the industry, allowing for richer functionality, faster time-to-value and lower cost of ownership.

“CA is dedicated to delivering security solutions that help our customers confirm compliance and protect their information while quickly recognizing value from their security investment—in as little as 30 to 60 days in some cases,” said Dave Hansen, corporate senior vice president and general manager, CA Security Management. “We’re executing on this through a mix of new product development, smart acquisitions and strategic partnerships. This strategy is what helps make CA a great security company.”

CA’s Security Management business offers comprehensive and integrated solutions for managing identity lifecycles within an organization, securing data and resources, managing security information and securing Web-based business applications and services. Over the past six months CA has announced new products or upgrades that support those four security needs.

“Today’s news from CA communicates why it is a clear leader in providing security solutions that address organizations’ business needs for minimizing risk and verifying compliance,” said Christian A. Christiansen, program vice president, Security Products and Services, IDC. “CA’s acquisitions over the past six months are a good fit with customer needs and its adjacent products. With log management, role reduction, and DLP, CA is improving administrative efficiency and integrating identity into DLP.”

CA Enterprise Log Manager, available today, is a new product developed to collect, manage and archive security information, specifically the log data from various IT systems and security devices including firewalls, operating systems, applications, and more. Its capabilities, features and its delivery method streamline Security Information Management (SIM) to provide rapid value to customers while delivering aggregated reports that help verify compliance and support security investigations.

“In today’s difficult economic and increasingly regulated business environment, we are constantly looking for ways to reduce operational cost, mitigate risk and improve privacy and compliance in every aspect of our business,” said Petr Fronek, chief security officer, CMSS, a financial services company based in Europe. “Working with our partner Netguard, we discovered that CA Enterprise Log Manager hits on all four of those areas. Its fast deployment model, wide range of log collection capabilities, and out-of-the-box compliance reports enable us to automate and streamline our compliance efforts and reduce the cost and complexity of compliance processes.”

Some of the features and functionality that customers and partners have highlighted in CA Enterprise Log Manager include:

* Preconfigured reports mapped to common regulatory controls such as PCI, HIPAA, FISMA, SOX and others help speed the reporting that helps confirm compliance.
* Interactive and visual log analysis tools help customers meet the demand that logs are reviewed and analyzed daily for compliance needs.
* A high performance architecture that supports both agent-based and agent-less log collection and allows customers to collect and process a higher rate of events over a sustained period. With its federated architecture, customers can deploy multiple CA Enterprise Log Manager servers and enhance performance.
* A soft appliance delivery model allows customers to install CA Enterprise Log Manager as a soft appliance by selecting the recommended hardware configurations that best meets their performance and budget requirements. CA Enterprise Log Manager can be installed, configured and collecting logs in hours, not days. CA Enterprise Log Manager’s central administration helps simplify log management tasks by enabling administrators to manage, automatically update and configure logging end points from a central management console.

“Effective management of log data is critical in verifying if proper IT controls are in place to provide the necessary proof of compliance,” said Joe Ford, vice president, Patriot Technologies, Inc. “With CA Enterprise Log Manager, our customers can streamline their log-related compliance processes and improve their overall security posture. The product delivers IT activity compliance reports when our customers need it, allows them to speed up daily log review cycles, and enables them to identify control violations quickly"

After completing the Eurekify acquisition in November 2008, CA continued development of the Eurekify products. CA this quarter plans to ship a new release of a Eurekify product under the name CA Role & Compliance Manager. CA Role & Compliance Manager will provide greater capabilities to correlate user accounts across disparate IT systems to a single identity. In addition, it will help improve the ability for customers to address compliance concerns caused by orphan accounts and invalid entitlements, while offering increased flexibility for integration with external systems.

“We have seen an increase in the demand for streamlining users and their assigned privileges due to organizational restructuring events. Organizations are looking for efficiency in building role models, automating compliance processes and dealing with the IT implications of such events,” said Deborah Golden, principal, Deloitte & Touche LLP. “Our Identity Lifecycle Management Joint Solution Offering, which leverages CA’s role and compliance management technology and Deloitte’s* Role Management for Enterprises methodology, can help organizations address this issue and manage roles, identities and compliance processes throughout their life cycles.”

CA DLP is part of CA’s focus to help customers secure data, control access to IT resources, and facilitate compliance with various information security regulations. CA obtained this DLP technology in the Orchestria transaction in January 2009. Available today, CA DLP offers several effective approaches to better secure information across an organization.

* With DLP technology in its Security Management portfolio, CA expands the coverage of its identity and access management capabilities. CA DLP leverages identity attributes such as job title, department and location from systems like Active Directory to more accurately detect data policy breaches.
* CA DLP offers self-remediation to improve operational efficiency. As a security violation is detected, end users can be prompted for input while being presented with explanations of relevant data use policies.
* CA DLP leverages existing technology investments and integrates with leading encryption and log management solutions to enable an information-centric approach to encryption while providing a more complete view of data and resource activity across the organization.

“We have worked with CA on identity and access management projects for large enterprises for several years. We look forward to innovation around new product development and the integration of new solutions to further secure enterprise applications and the underlying infrastructure,” said Golden.

Rounding out the fourth area of CA’s Security Management business is Web-business security. CA announced CA Federation Manager and CA SOA Security Manager during its CA World user conference in November 2008.

CA customers often work with global system integrators, solution providers or directly with CA Services on their enterprise security management integrations. CA Services offers Rapid Implementation and Solution Implementation service offerings to support CA Security Management products. Rapid Implementations help get customers up and running quickly, with defined and measurable results delivered in as little as 30 to 60 days. Solution Implementations are scalable and flexible to address customers’ unique environments. All offerings help lower risk and accelerate time-to-value in security deployments based on CA Services’ proven deployment methodologies and best practices.