McAfee has formed a new business unit to look at IT governance, risk and compliance. The new Risk and Compliance Business Unit will focus on driving innovation and will enable McAfee to enhance, integrate and add content to its current risk and compliance offerings.

The company will also concentrate efforts to include tighter cross-product integration with other McAfee products.

"Organisations face an ever-increasing array of policies and regulations," said Dave DeWalt, CEO and president of McAfee. "As a result, governance, risk and compliance is rapidly growing and continuously evolving part of our industry. Formation of the McAfee Risk and Compliance Business Unit positions us well to leverage our compliance expertise and build on our strengths to simplify the enterprise challenges in this important area."

The new business unit will be headed by George Kurtz, an internationally recognised security expert and author who has served in a variety of leadership roles at McAfee. Previously, Kurtz was CEO of Foundstone, which was acquired by McAfee in October 2004.

"Risk and compliance is the number one driver of security investment," said Kurtz. "We're launching the Risk and Compliance Business Unit to drive innovation, streamline execution, provide a stronger focus for customers, and most importantly, ensure superior customer satisfaction."

McAfee has also extended its risk and compliance product portfolio with the new version of McAfee Vulnerability Manager 6.5 (formerly known as Foundstone Enterprise). McAfee Vulnerability Manager helps security administrators to quickly and accurately find and prioritise vulnerabilities and policy violations on networked systems. It enables enterprises to improve operational efficiency and security protection, while also meeting the requirements of regulations and standards.

Vulnerability Manager 6.5 extends the capabilities of agentless scanning by adding policy compliance checks for both Windows and Unix systems. By taking advantage of the agentless policy compliance auditing features in Vulnerability Manager 6.5, companies are able to meet stringent requirements for compliance reporting as called out in regulations such as PCI DSS, FISMA and GLBA, as well as in security standards such as ISO 27002.