McAfee has integrated its vulnerability assessment and policy management products into a single suite in an attempt to better meet enterprise compliance needs.

Total Protection for Compliance provides centralised reporting for audit and compliance purposes via ePolicy Orchestrator (ePO), the primary management console for a wide array of McAfee security products.

It lets security managers combine audit and scanning results to generate reports for compliance initiatives such as the Payment Card Industry (PCI) guidelines, federal requirements such as FISMA, and the Center for Internet Security's best practices, said Bob Tesh, McAfee's group marketing manager.

McAfee's Vulnerability Manager and Policy Auditor products are included in Total Protection for Compliance.

"We've changed Vulnerability Manager, which performs agent-less policy assessments, so it's now looking for both the known good as well as the vulnerabilities," Tesh said.

Vulnerability Manager 6.7 (formerly Foundstone Enterprise) is now integrated with ePO so it can populate ePO with information about IT assets in order to generate compliance-related reports, Tesh noted.

Policy Auditor 5.0.1, McAfee's agent-based software that runs on desktops and servers, is also now sharing information with ePO that can be used to centralise automated compliance reporting.

Another new element in the Total Protection for Compliance suite is what McAfee is calling its Counter-Measure Aware Risk-Management Application (CARMA), which takes threat information produced by McAfee Avert labs to co-relate with any discovered vulnerabilities in IT assets.

While not intended for real-time analysis, the CARMA-generated reports with ePO give security managers details about where their systems may be vulnerable to new types of threats, and can help justify investment in endpoint security protection, Tesh said. Total Protection for Compliance is priced based on the number of monitored IP addresses.