Symantec Critical System Protection
March 01, 2013
Starts at $995 per user licence
What it does: Wraps mission critical environments – OS, applications and more – in protection on the detection and prevention levels.
What we liked: Ability to address critical systems that are not typical – such as Scada, ATMs and point-of-sale terminals – as well as the more prosaic servers and endpoints.
The notion of wrappers has been with us for a long time. Back in the early days of Unix and Linux, we used wrappers to provide security to not-so-secure applications, such as telnet. Today that concept has matured and we see it popping up in modern apps. Symantec CSP is a good example. One might characterise CSP as a security wrapper for mission-critical environments. That means that if it is a crucial piece of the computing infrastructure - such as a Scada system or a medical device controller - it gets the security protection it needs.
That protection does not stop with those systems, however. CSP is integrated with the enterprise's security infrastructure, so it becomes an extension of that environment, extending seamless protection across the enterprise, physical or virtual.
CSP consists of two pieces: a detection component and a prevention component. Detection watches behaviour across the enterprise to determine whether something is going on that shouldn't be. The component even extends to watching system admin accounts, something of a Holy Grail for security administrators.
The key to CSP is data. The detection piece monitors everything in the virtualised environment from the hypervisor up through the applications. It looks for disallowed or potentially dangerous actions and kills or de-escalates the process. So an administrator doing something inherently dangerous - inherently because, as an admin, he or she has total superuser rights - may be de-escalated to a normal user without those rights.
CSP has a small footprint - zero to one per cent of system resources on the system to which it is attached - and less than 20MB of storage. It is Windows, Linux and Unix compatible and is optimised for VMware, either vSphere or ESXi. It is behaviour-based, so CSP needs no AV data files or exploit profiles. If an action is going to violate a policy or cause damage, it is stopped. The detection policies are designed to support regulatory compliance and users have a lot of control over how they can configure the system as a whole.
We liked this product for its ability to address important, but hard to secure, systems and still integrate cleanly into the virtualised enterprise as a whole.