
Symantec Critical System Protection: Hack-Proof at Black Hat

Created: 13 Aug 2012 • 8 comments
Posted by colingibbens

Another year, another exciting Black Hat Conference. For the second consecutive year, Symantec challenged conference attendees to “Capture the Flag.” While Symantec ran several smaller contests, the main event placed a flag on an unpatched Windows 2003 server running several vulnerable applications, protected by Symantec solutions. After two days of attempts by more than 50 skilled hackers, the Symantec-protected systems remained hack-proof.

So what prevented some of the best in the world from prevailing?  Symantec Critical System Protection and Symantec Endpoint Protection.

  • Symantec Critical System Protection secured the system by sandboxing the OS and applications. Attacks thrown at the box, known or unknown, were contained and jailed from accessing resources on the system. The flags were locked down so that only authorized access to the data was allowed.
  • Symantec Endpoint Protection was leveraged to thwart network-based attacks and blacklist the IP addresses of hackers attempting to enumerate or exploit the system.

Symantec Critical System Protection is policy-based protection that offers comprehensive protection for vSphere, stops zero-day and targeted attacks, and provides real-time visibility and control of an organization’s compliance posture.

If you missed out on the fun at the Symantec booth we hope to see you at Black Hat next year.

Learn more about Symantec Critical System Protection and Symantec Endpoint Protection.

8 Comments

Will V wrote:

Colin,

Will you please give a brief description of the settings used like you did last year?


Thanks and keep up the good work!


Please mark posts as the solution if they solve your problem!

John Santana wrote:

What is "Symantec Critical System Protection"?

Is that a different product, or just a term for SEP v12.1?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm a newbie in this forum.

Will V wrote:

John,

SCSP and SEP are two entirely different products.  CSP is a super product that has no equals.  It ROCKS!

Check out the knowledge base entries here. If you like, you can contact me directly for more information.

Best Regards

Will Vander Linden - ASC, STS

Security Consultant

ITS Partners

4079 Park East Court

Grand Rapids MI 49546

wvanderlinden@itsdelivers.com

c 616.209.9028


Please mark posts as the solution if they solve your problem!

Chuck Edson wrote:

This question comes up all too often . . .

Symantec Critical System Protection (SCSP) is a VERY strong product that is both an Intrusion Detection System (IDS) that reports nefarious behavior and an Intrusion Prevention System (IPS) that locks down operating systems.

One of my co-workers succinctly described it as an "Operating System filter".  The IPS side of the product monitors calls to the Kernel of the OS (SCSP runs on Windows and many -ix flavors), and will allow or deny the calls to the Kernel depending on the pre-configured policy.  It can even deny Administrator or Root users any privilege, so you can prevent rogue administrators from causing damage, and limit their access to particular files/registries/processes.

Another way to think of SCSP:  It is a way to make it so that a server with a particular role can only do what it was designed to do.  For instance, you can configure a SCSP policy to make it so an Exchange server can only do Exchange tasks, and even if malware is introduced into the system, the malware cannot run.

The product is very lightweight, with an average of 2-4% CPU usage.

SCSP is on the higher end of the price scale, so it is usually reserved for servers and other machines that have high-value intellectual property or other sensitive data. The product also requires some serious configuration -- while there are some SCSP out-of-the-box general policies, it is not like SEP where it is just an install-and-go. It can take time to tune everything to make it super-secure.

A properly configured SCSP environment can successfully thwart even some of the most sophisticated attacks, as showcased at the past 2 BlackHat conferences.


If a post helps you, please mark it as the solution to your issue.

John Santana wrote:
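As an added illustration of the "operating system filter" idea described in the comment above, here is a small default-deny policy evaluator. It is not code from the post, from Symantec, or from SCSP, and it models nothing about how that product is actually implemented; every path, account name, rule and event below is constructed for the example. A role policy states which process images may perform which operation on which resource, and as which user; anything not matched is denied (the prevention side) and written to an audit list (the detection side). The sample events include a service writing to its own data store, an administrator running a normal tool, the same administrator being refused access to the mail store, a dropped executable that cannot launch, and the service attempting an outbound connection its role does not include.

```python
"""Toy default-deny 'OS filter' (constructed example, not SCSP's design)."""
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass(frozen=True)
class Event:
    user: str       # account the action runs under
    process: str    # executable image performing the action
    operation: str  # "exec", "read", "write" or "connect"
    resource: str   # file path, registry key or host:port being touched


@dataclass
class Rule:
    process: str              # glob on the process image
    operation: str
    resource: str             # glob on the resource
    users: tuple = ("*",)     # globs on allowed users; "*" means anyone


@dataclass
class RolePolicy:
    name: str
    rules: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # denied events, for the IDS side

    def decide(self, ev: Event) -> bool:
        """Default deny: allow only when some rule matches process, op, resource and user."""
        for r in self.rules:
            if (fnmatch(ev.process, r.process)
                    and ev.operation == r.operation
                    and fnmatch(ev.resource, r.resource)
                    and any(fnmatch(ev.user, u) for u in r.users)):
                return True
        self.audit.append(
            f"DENY user={ev.user} proc={ev.process} op={ev.operation} res={ev.resource}")
        return False


def exchange_policy() -> RolePolicy:
    """Hypothetical 'mail server' role (all paths and accounts are made up):
    the mail service may use its own data and speak SMTP; an interactive shell
    may run standard tools but sees no mail data, even as Administrator."""
    p = RolePolicy("exchange-server")
    svc = r"C:\Exchange\bin\*.exe"
    p.rules += [
        Rule(svc, "read", r"C:\Exchange\data\*", users=("SYSTEM",)),
        Rule(svc, "write", r"C:\Exchange\data\*", users=("SYSTEM",)),
        Rule(svc, "connect", "*:25", users=("SYSTEM",)),
        Rule(r"C:\Windows\System32\cmd.exe", "exec", r"C:\Windows\System32\*",
             users=("Administrator",)),
        Rule(r"C:\Windows\System32\*", "read", r"C:\Windows\*"),
    ]
    return p


# Constructed sample events, in the order discussed in the lead-in.
SAMPLE_EVENTS = [
    Event("SYSTEM", r"C:\Exchange\bin\store.exe", "write", r"C:\Exchange\data\mailbox.edb"),
    Event("SYSTEM", r"C:\Exchange\bin\store.exe", "connect", "mail.example.net:25"),
    Event("Administrator", r"C:\Windows\System32\cmd.exe", "exec", r"C:\Windows\System32\ipconfig.exe"),
    Event("Administrator", r"C:\Windows\System32\cmd.exe", "read", r"C:\Exchange\data\mailbox.edb"),
    Event("Administrator", r"C:\Windows\System32\cmd.exe", "exec", r"C:\Windows\Temp\dropper.exe"),
    Event("SYSTEM", r"C:\Exchange\bin\store.exe", "connect", "203.0.113.5:4444"),
]


def run_demo():
    """Evaluate the sample events; returns (decisions, audit log of denials)."""
    pol = exchange_policy()
    decisions = [pol.decide(e) for e in SAMPLE_EVENTS]
    return decisions, pol.audit


if __name__ == "__main__":
    decisions, audit = run_demo()
    for ev, ok in zip(SAMPLE_EVENTS, decisions):
        print("ALLOW" if ok else "DENY ", ev.user, ev.process, ev.operation, ev.resource)
    print(f"{len(audit)} denial(s) recorded for review")
```

The point of the default-deny shape is that the policy never has to anticipate a specific piece of malware: the dropped executable is refused because no rule says an interactive shell may launch things from a temp directory, and the administrator is refused the mail store because the only read rule for that path is bound to the service account. In a real deployment the tuning effort the comment mentions is exactly the work of discovering every legitimate access a role needs so that the allow list is complete.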

Wow very cool,

many thanks for the information people :-)

SCSP sounds like a draconian antivirus application which doesn't need to be updated.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm a newbie in this forum.

Will V wrote:

John,
Just to be very clear, SCSP is not an antivirus product. It's much more!

Will


Please mark posts as the solution if they solve your problem!

John Santana wrote:

Is there any pricing for this product?

If it is within our budget, we might install it on our Tier-1 application.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm a newbie in this forum.

Chuck Edson wrote:

You will have to contact a reseller/partner or Symantec sales for this info. I cannot quote pricing, as I work on the Support side of the house. If you don't have a contact, let me know and I can point you in the right direction.

If a post helps you, please mark it as the solution to your issue.
