Review: Symantec Critical System Protection


The notion of wrappers has been with us for a long time. Back in the early days of Unix and Linux, we used wrappers (TCP Wrappers being the classic example) to put access control in front of not-so-secure services such as telnet. Today that concept has matured and we see it reappearing in modern products. Symantec CSP is a good example. One might characterise CSP as a security wrapper for mission-critical environments: if a system is a crucial piece of the computing infrastructure, such as a SCADA controller or a medical device controller, it gets the security protection it needs.

That protection does not stop with those systems, however. CSP is integrated with the enterprise's security infrastructure, so it becomes an extension of that environment, extending seamless protection across the enterprise, physical or virtual. 

CSP consists of two pieces: a detection component and a prevention component. Detection watches behaviour across the enterprise's systems to determine whether something is going on that shouldn't be. It even extends to watching system administrator accounts, something that is a sort of Holy Grail for security administrators, since those accounts are the ones most other controls cannot constrain.

The key to CSP is the behavioural data it collects. The detection piece monitors everything in the virtualised environment from the hypervisor up through the applications. It looks for disallowed or potentially dangerous actions and either kills the offending process or de-escalates it. So an administrator doing something inherently dangerous (inherently because, as an admin, they hold full superuser rights) may have that process de-escalated to a normal user without those rights, rather than being blocked outright.

CSP has a small footprint, zero to one per cent of system resources on the host it is attached to and less than 20MB of storage. It runs on Windows, Linux and Unix and is optimised for VMware, either vSphere or ESXi. It is behaviour-based, so CSP needs no AV signature files or exploit profiles: if an action is going to violate a policy or cause damage, it is stopped regardless of which binary performs it. The flip side of a behaviour-based control is that its policies have to reflect each host's legitimate activity, and here users have a lot of control over how they configure the system as a whole. The detection policies are designed to support regulatory compliance.
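To make the behaviour-based model concrete, here is an added illustration of how a host policy engine of this kind reaches its kill / de-escalate / allow decisions. It is not Symantec's code or a CSP policy: the event format, the rule set (protected paths, trusted updaters, admin shells) and the sample events are all constructed for this example. The point it demonstrates is that the rules key on what a process does and who runs it, not on a signature, so a renamed or previously unseen binary is caught by the same rule as a known one.

```python
"""Toy behaviour-based host policy engine (illustration only; not CSP code).

Events, rule set and log format are constructed for this example."""
import os
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Event:
    pid: int
    user: str
    process: str   # executable path of the acting process
    action: str    # "write", "exec" or "listen"
    target: str    # file path, program or TCP port


# Constructed sample event log in a simple key=value format (hypothetical, not a CSP log).
SAMPLE_LOG = """\
pid=4011 user=root proc=/tmp/.x action=write target=/etc/passwd
pid=3870 user=root proc=/bin/bash action=listen target=4444
pid=2210 user=root proc=/usr/bin/apt action=write target=/usr/bin/curl
pid=5120 user=www-data proc=/usr/sbin/apache2 action=write target=/var/log/apache2/access.log
"""


def parse_events(text: str) -> List[Event]:
    """Parse key=value event lines into Event records; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(field.split("=", 1) for field in line.split())
        events.append(Event(int(kv["pid"]), kv["user"], kv["proc"], kv["action"], kv["target"]))
    return events


# Hypothetical policy: who may legitimately change system binaries and config,
# which paths count as protected, and which programs are interactive shells.
TRUSTED_UPDATERS = {"/usr/bin/apt", "/usr/bin/yum", "/usr/bin/dpkg"}
PROTECTED_PREFIXES = ("/etc/", "/usr/bin/", "/usr/sbin/", "/boot/")
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh"}
ADMIN_USERS = {"root"}

# A rule is (name, predicate over the event, verdict). First match wins.
Rule = Tuple[str, Callable[[Event], bool], str]
RULES: List[Rule] = [
    # Any process other than a trusted updater writing under a protected path is killed,
    # whatever its name: the rule never looks at a hash or signature.
    ("protected-write-by-untrusted",
     lambda e: e.action == "write"
     and e.target.startswith(PROTECTED_PREFIXES)
     and e.process not in TRUSTED_UPDATERS,
     "deny"),
    # An administrator's interactive shell opening a network listener is not killed
    # but de-escalated: it keeps running with an ordinary user's rights.
    ("admin-shell-opens-listener",
     lambda e: e.action == "listen"
     and e.user in ADMIN_USERS
     and e.process in INTERACTIVE_SHELLS,
     "de-escalate"),
]


def evaluate(event: Event) -> Tuple[str, str]:
    """Return (verdict, rule name); unmatched events are allowed by default."""
    for name, predicate, verdict in RULES:
        if predicate(event):
            return verdict, name
    return "allow", "default"


def evaluate_all(events: List[Event]) -> List[Tuple[str, str]]:
    return [evaluate(e) for e in events]


def drop_privileges(uid: int, gid: int) -> None:
    """What 'de-escalate' means on a POSIX host: shed root and become an ordinary user.

    Only meaningful when the calling process is root; a real agent does this to the
    offending process from the kernel side rather than from within it."""
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)


if __name__ == "__main__":
    for ev, (verdict, rule) in zip(parse_events(SAMPLE_LOG), evaluate_all(parse_events(SAMPLE_LOG))):
        print(f"pid={ev.pid} {ev.user} {ev.process} {ev.action} {ev.target}: {verdict} ({rule})")
```

Running it classifies the four constructed events as deny, de-escalate, allow, allow: the unknown binary in /tmp is killed for touching /etc/passwd, the root shell that opens port 4444 keeps running but loses root, the package manager is let through, and the web server's log write is untouched. Tuning consists of editing the sets and prefixes at the top, which is the configuration work the review alludes to.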

We liked this product for its ability to address important, but hard to secure, systems and still integrate cleanly into the virtualised enterprise as a whole.

What it does: Wraps mission-critical environments (OS, applications and more) in protection at both the detection and prevention levels.

What we liked: Ability to address critical systems that are not typical, such as SCADA, ATMs and point-of-sale terminals, as well as the more prosaic servers and endpoints.
