Review: Symantec Critical System Protection

The notion of wrappers has been with us for a long time. Back in the early days of Unix and Linux, we used wrappers to provide security to not-so-secure applications, such as telnet. Today that concept has matured and we see it popping up in modern apps. Symantec CSP is a good example. One might characterise CSP as a security wrapper for mission-critical environments. That means that a crucial piece of the computing infrastructure - such as a Scada system or a medical device controller - gets the security protection it needs.

What it does: Wraps mission-critical environments – OS, applications and more – in protection at the detection and prevention levels.

What we liked: Ability to address critical systems that are not typical – such as Scada, ATMs and point-of-sale terminals – as well as the more prosaic servers and endpoints.

That protection does not stop with those systems, however. CSP is integrated with the enterprise's security infrastructure, so it becomes an extension of that environment, extending seamless protection across the enterprise, physical or virtual. 

CSP consists of two pieces: a detection and a prevention component. Detection watches behaviour on the enterprise to determine if something is going on that shouldn't be. The component even extends to watching system admin accounts, something that is a sort of Holy Grail for security administrators.

The key to CSP is data. The detection piece monitors everything in the virtualised environment from the hypervisor up through the applications. It looks for disallowed or potentially dangerous actions and kills or de-escalates the process. So an administrator doing something inherently dangerous - inherently because as an admin he/she has total super user rights - may be de-escalated to a normal user without those rights. 

CSP has a small footprint - zero to one per cent of the resources of the system it protects - and less than 20MB of storage. It is Windows, Linux and Unix compatible and is optimised for VMware, either vSphere or ESXi. It is behaviour-based, so CSP needs no AV data files or exploit profiles. If an action is going to violate a policy or cause damage, it is stopped. The detection policies are designed to support regulatory compliance, and users have a lot of control over how they configure the system as a whole.

We liked this product for its ability to address important, but hard to secure, systems and still integrate cleanly into the virtualised enterprise as a whole.
