Symantec Critical System Protection: Hack-Proof at Black Hat
Another year, another exciting Black Hat Conference. For the second consecutive year, Symantec challenged conference attendees to “Capture the Flag.” While Symantec ran several smaller contests, the main event was run by placing a flag on an unpatched Windows 2003 server running several vulnerable applications, protected by Symantec solutions. After two days of attempts by more than 50 skilled hackers, the Symantec-protected systems remained hack-proof.
So what prevented some of the best in the world from prevailing? Symantec Critical System Protection and Symantec Endpoint Protection.
- Symantec Critical System Protection secured the system by sandboxing the OS and applications. The attacks, known or unknown, that were thrown at the box were contained and jailed from accessing resources on the system. The flags were locked down to allow only authorized access to the data.
- Symantec Endpoint Protection was leveraged to thwart network-based attacks and blacklist the IP addresses of hackers who were attempting to enumerate or exploit the system.
Symantec Critical System Protection is policy-based protection that offers comprehensive protection for vSphere, stops zero-day and targeted attacks, and provides real-time visibility and control of an organization’s compliance posture.
If you missed out on the fun at the Symantec booth we hope to see you at Black Hat next year.
Learn more about Symantec Critical System Protection and Symantec Endpoint Protection.
Colin,
Will you please give a brief description of the settings used like you did last year?
Thanks and keep up the good work!
Please mark posts as the solutions if they solve your problem!
Will VanderLinden
ITS Partners
What is "Symantec Critical System Protection" ?
Is that a different product, or just a term for SEP v12.1?
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm a newbie in this forum.
John,
SCSP and SEP are two entirely different products. CSP is a super product that has no equals. It ROCKS!
Check out the knowledge base entries here. If you like, you can contact me directly for more information.
Best Regards,
Will Vander Linden - ASC, STS
Security Consultant
ITS Partners
4079 Park East Court
Grand Rapids MI 49546
wvanderlinden@itsdelivers.com
c 616.209.9028
Please mark posts as the solutions if they solve your problem!
Will VanderLinden
ITS Partners
This question comes up all too often . . .
Symantec Critical System Protection (SCSP) is a VERY strong product that is both an Intrusion Detection System (IDS) that reports nefarious behavior and an Intrusion Prevention System (IPS) that locks down operating systems.
One of my co-workers succinctly described it as an "Operating System filter". The IPS side of the product monitors calls to the kernel of the OS (SCSP runs on Windows and many -ix flavors), and will allow or deny the calls to the kernel depending on the pre-configured policy. It can even deny Administrator or Root users any privilege, so you can prevent rogue administrators from causing damage, and limit their access to particular files/registries/processes.
Another way to think of SCSP: It is a way to make it so that a server with a particular role can only do what it was designed to do. For instance, you can configure a SCSP policy to make it so an Exchange server can only do Exchange tasks, and even if malware is introduced into the system, the malware cannot run.
The product is very lightweight, with an average of 2-4% CPU usage.
SCSP is on the higher end of the price scale, so it is usually reserved for servers and other machines that have high-value intellectual property or other sensitive data. The product also requires some serious configuration -- while there are some SCSP out-of-the-box general policies, it is not like SEP where it is just install-and-go. It can take time to tune everything to make it super-secure.
A properly configured SCSP environment can successfully thwart even some of the most sophisticated attacks, as showcased at the past 2 BlackHat conferences.
If a post helps you, please give it a thumbs up or mark it as the solution to your issue.
Wow very cool,
many thanks for the information people :-)
SCSP sounds like a draconian antivirus application which doesn't need to be updated.
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm a newbie in this forum.
John,
Just to be very clear, SCSP is not an antivirus product. It's much more!
Will
Please mark posts as the solutions if they solve your problem!
Will VanderLinden
ITS Partners
Is there any pricing for this product?
In case it is within our budget, then we might install it in our Tier-1 application.
Kind regards,
John Santana
IT Professional
--------------------------------------------------
Please be nice to me as I'm a newbie in this forum.
You will have to contact a reseller/partner or Symantec sales for this info. I cannot quote pricing, as I work on the Support side of the house. If you don't have a contact, let me know and I can point you in the right direction.
If a post helps you, please give it a thumbs up or mark it as the solution to your issue.