Symantec Critical System Protection is intrusion detection and prevention software that protects against zero-day attacks, hardens systems, and helps maintain compliance by enforcing behaviour-based security policies on clients and servers. A centralised management console enables administrators to configure, deploy and maintain security policies, manage users and roles, view alerts, and run reports across heterogeneous operating systems.
As the name suggests, Symantec Critical System Protection is designed to protect and control any and all actions that can be performed on your critical systems. These range from preventing the modification or deletion of critical files to controlling access to a specific tool such as a Microsoft Management Console, even when the user is a local system administrator.
An ounce of prevention is worth a pound of cure: this old proverb still rings true for today’s information and systems security best practices. A proactive rather than reactive security posture is the best strategy for reducing costs. With Symantec Critical System Protection, for example, you can deny an executable the ability to launch, alongside a huge array of other preventive controls; the inherent benefits are numerous and typically include:
Denying a virus, spyware, trojan or other malicious application any opportunity to propagate or deliver its payload. You may be the unlucky individual who first receives new malware that antivirus vendors have not yet seen or worked into their virus definitions; in that case traditional AV scanning will miss the risk (a zero-day threat). Allowing only known and trusted applications to launch prevents everything else, including such threats.
Configuration control is the term for formalising system change requirements: the long-proven idea that any change to a production system should be reviewed, tested and at all times recognised by the people who have to support that system. Application control can help enforce such policies and keep the ‘standardised build’ sacred, and contributes to:
Reduced support costs from fire-fighting problems caused by unfamiliar applications.
Software Licensing and usage rights.
Enforcing staff productivity.
Segregating and reducing administrator privilege abuse.
Opinion
We recommend Symantec Critical System Protection as it provides a strong, robust and fully flexible security layer for any high-risk or high-value system. One benefit worth noting is its ability to apply different actions at the granularity of the user, the application or the event. SCSP can be deployed just as easily to control admin access on a system as to offer virus protection for legacy systems that don’t support virus scanning. SCSP offers the ability to mitigate just about every type of host system security threat and is incredibly powerful. It provides an extended and comprehensive level of security that Windows, Linux and the like can only hope to achieve on their own; the examples on this page can help you understand its power.
Features & Benefits
Key Features
Host intrusion prevention system that shields operating systems, applications, and services by defining acceptable behaviour and safe actions for each function.
Offers system protection from misuse by unauthorised users and applications through system and device controls that lock down configuration settings, file systems, and the use of removable media.
Provides monitoring, notification, and auditing features that ensure host integrity, system and regulatory compliance.
Enables cross-platform server auditing and compliance enforcement with a graphical reporting engine featuring multiple queries and graphic formats to visually highlight data.
Some Examples of usage
SCSP is a very powerful host security solution that we recommend for any high value or high risk system. Below are just a few usage scenarios where we have seen SCSP successfully deployed:
Web page defacement: SCSP is configured to continually monitor web site pages and compare them against approved pages to detect defacement. This has been used by high-profile companies who wish to protect their brand and online e-commerce platforms.
PCI compliance: Deployed by organisations who want to address the File Integrity Monitoring (FIM) mandates within the Payment Card Industry (PCI) standard.
Staff information abuse: By creating so called ‘bait’ folders (such as HR, Key Customer, R&D plans or whatever is relevant to your organisation) and configuring SCSP to watch such folders and locations you can have real time alerting and log event collection as staff misuse their rights to access such bait folders.
Admin account control: Where it’s desirable to separate administrator privileges from data access, we would recommend SCSP to define separate roles; for instance the sys-admin would continue with their tasks of maintaining and configuring the system as normal, but their rights to access files and folders on such systems would be removed and enforced with SCSP. This is very relevant to organisations who wish to use contractors or third parties to maintain their systems but don’t want them to have access to the data.
Hack detection: Similar to the staff information abuse scenario above, except that here the ‘Admin’ account is renamed to something less obvious and a new account with null rights and credentials is created in its place. SCSP is configured to watch the new Admin account and alert whenever access to it is attempted. Only those who are unaware of the change, and hence not authorised, will try to log on to the account; with SCSP alerting in real time and recording the events and log actions, you have a 100% effective host intrusion detection system. Although you can use any account as a decoy in this way, the Admin account is the one typically targeted by hackers and hence yields the earliest signs of attack.
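The defacement and PCI FIM scenarios above both rest on the same mechanism: record an approved baseline of the monitored files, then periodically rehash them and report anything modified, added or deleted. The following is an added illustration written for this page, not SCSP's own code or policy format; it builds a constructed web root in a temporary directory, approves it, then simulates a defacement and shows what the comparison reports.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Stream the file through SHA-256 so large assets don't load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file under root (relative path) to its digest."""
    return {str(p.relative_to(root)): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(approved: dict, current: dict) -> dict:
    """Classify every difference between the approved baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in approved
                           if p in current and approved[p] != current[p]),
        "added": sorted(set(current) - set(approved)),
        "deleted": sorted(set(approved) - set(current)),
    }


def demo() -> dict:
    """Constructed example: approve a two-page site, then tamper with it."""
    root = Path(tempfile.mkdtemp(prefix="fim-demo-"))
    (root / "index.html").write_text("<h1>Welcome</h1>")
    (root / "about.html").write_text("<p>About us</p>")
    approved = build_baseline(root)          # snapshot taken at approval time
    (root / "index.html").write_text("<h1>Defaced</h1>")  # page content replaced
    (root / "promo.html").write_text("<p>Unapproved page</p>")  # file dropped in
    (root / "about.html").unlink()           # approved page removed
    return compare(approved, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production the approved baseline would be stored somewhere the web server account cannot write, and any non-empty result would be raised as an alert rather than printed.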