Another year, another exciting Black Hat Conference. For the second consecutive year, Symantec challenged conference attendees to “Capture the Flag.” While Symantec ran several smaller contests, the main event was run by placing a flag on an unpatched Windows 2003 server running several vulnerable applications, protected by Symantec solutions. After two days of attempts by more than 50 skilled hackers, the Symantec-protected systems remained hack-proof.
So what prevented some of the best in the world from prevailing? Symantec Critical System Protection and Symantec Endpoint Protection.
Symantec Critical System Protection is a policy-based solution that offers comprehensive protection for vSphere, stops zero-day and targeted attacks, and provides real-time visibility and control of an organization’s compliance posture.
If you missed out on the fun at the Symantec booth, we hope to see you at Black Hat next year.
Learn more about Symantec Critical System Protection and Symantec Endpoint Protection.
You will have to contact a reseller/partner or Symantec sales for this info. I cannot quote pricing, as I work on the Support side of the house. If you don't have a contact, let me know and I can point you in the right direction.
Is there any pricing for this product?
In case it is within our budget, then we might install it in our Tier-1 application.
Wow, very cool,
many thanks for the information, people :-)
SCSP sounds like a draconian Antivirus application which doesn't need to be updated.
This question comes up all too often . . .
Symantec Critical System Protection (SCSP) is a VERY strong product that is both an Intrusion Detection System (IDS) that reports nefarious behavior and an Intrusion Prevention System (IPS) that locks down operating systems.
One of my co-workers succinctly described it as an "Operating System filter". The IPS side of the product monitors calls to the Kernel of the OS (SCSP runs on Windows and many -ix flavors), and will allow or deny the calls to the Kernel depending on the pre-configured policy. It can even deny Administrator or Root users any privilege, so you can prevent rogue administrators from causing damage, and limit their access to particular files/registries/processes.
Another way to think of SCSP: It is a way to make it so that a server with a particular role can only do what it was designed to do. For instance, you can configure a SCSP policy to make it so an Exchange server can only do Exchange tasks, and even if malware is introduced into the system, the malware cannot run.
The product is very lightweight, with an average of 2-4% CPU usage.
SCSP is on the higher end of the price scale, so it is usually reserved for servers and other machines that have high value intellectual property or other sensitive data. The product also requires some serious configuration -- while there are some SCSP out-of-the-box general policies, it is not like SEP where it is just an install-and-go. It can take time to tune everything to make it super-secure.
A properly configured SCSP environment can successfully thwart even some of the most sophisticated attacks, as showcased at the past 2 BlackHat conferences.
John,
SCSP and SEP are two entirely different products. CSP is a super product that has no equals. It ROCKS!
Check out knowledge base entries here. If you like, you can contact me directly for more information.
Best Regards
Will Vander Linden - ASC, STS
Security Consultant
ITS Partners
4079 Park East Court
Grand Rapids MI 49546
wvanderlinden@itsdelivers.com
c 616.209.9028
What is "Symantec Critical System Protection"?
Is that a different product or just a term for SEP v 12.1?
Colin,
Will you please give a brief description of the settings used like you did last year?
Thanks and keep up the good work!