Symantec Data Center Security: Server Advanced (DCS:SA) provides a policy-based
approach to endpoint security and compliance. The intrusion prevention and
detection features of DCS:SA operate across a broad range of platforms and
applications. It provides:
■ A policy-based host security agent for monitoring and protection.
■ Proactive attack prevention using the least privilege containment approach.
■ A centralized management environment for enterprise systems that contain
Windows, UNIX, and Linux computers.
The major features of DCS:SA are as follows:
■ Intrusion detection facility for compliance auditing
■ Real-time file integrity monitoring
■ Granular change detection of registry values, file contents, and attributes
■ Operating system and application log monitoring
■ Local event correlation and smart response actions
■ Intrusion Prevention facility for malware prevention and system lockdown
■ Sandbox containment of operating system and application processes by an
in-kernel reference monitor
■ Granular access control of network, file systems, registry, process-to-process
memory access, system calls, and application and child process launches
■ Privileged user and program behavior
■ Anti-malware security
DCS:SA Security Virtual Appliance (SVA) provides agentless anti-malware
security services for the virtualized network through integration with the VMware
Network and Security Virtualization (NSX) platform. SVA provides two types of
policies: Antivirus policies, and configuration policies.
■ Comprehensive out-of-the-box policies for complete system monitoring and
protection of physical and virtual systems
■ Security orchestration using Operations Director. Operations Director is intended
to:
■ Automate security provisioning workflow.
■ Provide application-centric security service.
■ Seamlessly integrate with VMware NSX.
Provide out-of-box security product integration.
■ Centralized management environment for administering agents, policies, and
events
■ Integration with Security Information and Event Management (SIEM) and other
security tools, as well as enterprise infrastructure components such as Active
Directory, SMTP, and SNMP
■ Broad platform support across Windows, Linux, UNIX and virtual environments
for critical servers, workstations, laptops, and standalone systems
The major benefits of DCS:SA are as follows:
■ Reduces emergency patching and minimizes patch-related downtime and IT
expenses through proactive protection that does not require continuous updates.
■ Reduces incidents and remediation costs with continuous security. Once the
agent has a policy, it enforces the policy even when the computer is not
connected to the corporate network. And even if a computer is unable to obtain
the latest patches in a timely fashion, DCS:SA continues to block attacks so
that the computer is always protected.
■ Provides visibility and control over the security posture of business-critical
enterprise assets.
■ Uses predefined compliance and hardening policies to provide efficient security
management, reporting, alerting, and auditing of activities.