
Symantec Critical System Protection: Hack-Proof at Black Hat  

08-13-2012 04:33 PM


Another year, another exciting Black Hat Conference. For the second consecutive year, Symantec challenged conference attendees to “Capture the Flag.” While Symantec ran several smaller contests, the main event placed a flag on an unpatched Windows 2003 server running several vulnerable applications and protected by Symantec solutions. After two days of attempts by more than 50 skilled hackers, the Symantec-protected systems remained hack-proof.

So what prevented some of the best in the world from prevailing?  Symantec Critical System Protection and Symantec Endpoint Protection.

  • Symantec Critical System Protection secured the system by sandboxing the OS and applications. The attacks thrown at the box, known or unknown, were contained and jailed so that they could not access resources on the system. The flags were locked down to allow only authorized access to the data.
  • Symantec Endpoint Protection was leveraged to thwart network-based attacks and to blacklist the IP addresses of hackers who were attempting to enumerate or exploit the system.

Symantec Critical System Protection is policy-based protection that offers comprehensive protection for vSphere, stops zero-day and targeted attacks, and provides real-time visibility and control of an organization’s compliance posture.

If you missed out on the fun at the Symantec booth, we hope to see you at Black Hat next year.

Learn more about Symantec Critical System Protection and Symantec Endpoint Protection.




09-13-2012 11:38 AM

You will have to contact a reseller/partner or Symantec sales for this info.  I cannot quote pricing, as I work on the Support side of the house.  If you don't have a contact, let me know and I can point you in the right direction.

09-13-2012 03:16 AM

Is there any pricing for this product?

If it is within our budget, then we might install it in our Tier-1 application.

09-10-2012 05:32 AM

Just to be very clear, SCSP is not an antivirus product. It's much more!

09-09-2012 09:48 PM

Wow very cool,

many thanks for the information people :-)

SCSP sounds like a draconian Antivirus application which doesn't need to be updated.

09-07-2012 01:05 PM

This question comes up all too often . . .

Symantec Critical System Protection (SCSP) is a VERY strong product that is both an Intrusion Detection System (IDS) that reports nefarious behavior and an Intrusion Prevention System (IPS) that locks down operating systems.

One of my co-workers succinctly described it as an "Operating System filter".  The IPS side of the product monitors calls to the Kernel of the OS (SCSP runs on Windows and many -ix flavors), and will allow or deny the calls to the Kernel depending on the pre-configured policy.  It can even deny Administrator or Root users any privilege, so you can prevent rogue administrators from causing damage, and limit their access to particular files/registries/processes.

Another way to think of SCSP:  It is a way to make it so that a server with a particular role can only do what it was designed to do.  For instance, you can configure a SCSP policy to make it so an Exchange server can only do Exchange tasks, and even if malware is introduced into the system, the malware cannot run.

The product is very lightweight, with an average of 2-4% CPU usage.

SCSP is on the higher end of the price scale, so it is usually reserved for servers and other machines that have high value intellectual property or other sensitive data.  The product also requires some serious configuration -- while there are some SCSP out-of-the-box general policies, it is not like SEP where it is just an install-and-go.  It can take time to tune everything to make it super-secure.

A properly configured SCSP environment can successfully thwart even some of the most sophisticated attacks, as showcased at the past 2 BlackHat conferences.



09-07-2012 08:20 AM


SCSP and SEP are two entirely different products.  CSP is a super product that has no equals.  It ROCKS!

Check out knowledge base entries here.  If you like, you can contact me directly for more information.


Best Regards

Will  Vander Linden - ASC, STS

Security Consultant

ITS Partners

4079 Park East Court

Grand Rapids MI 49546

c 616.209.9028

09-07-2012 01:25 AM

What is "Symantec Critical System Protection"?

Is that a different product or just a term of SEP v 12.1?

08-29-2012 02:43 PM


Will you please give a brief description of the settings used like you did last year?


Thanks and keep up the good work!
