Symantec Critical System Protection
Maximum protection for physical and virtual data centers.

Features & Benefits:

New Features

With the latest release of Symantec Critical System Protection, 5.2.9 MP3, a deeper integration with VMware and ease-of-use enhancements, enables organization to easily protect against risks targeted at virtualized environments. Some of the new features include:

Protect and Monitor VMware vSphere: Leverage out-of-the-box policies based on the latest vSphere hardening guidelines, to protect the virtual environment – at the management server, hypervisor and guest. Symantec Critical System Protection is widely scalable with a single management server and console supporting thousands of server agents. In 5.2.9, a single agent can monitor multiple ESXi hypervisors in the virtualized data center.

Updated Management User Interface: Get faster and easy access to the right information. Reduce administrative time and effort across server environments with a simplified UI, including powerful search capabilities and simplified policy management.

Integration with Active Directory: Integrate into your Active Directory service to simplify user authentication to Critical System Protection. You can now log on to the console using your enterprise credentials as well as leverage AD security groups within the Critical System Protection policies.

Memory Control: Combat advanced memory attacks, like reflective DLL injection to address vulnerabilities in older Windows 32-bit platforms.

Expanded Platform Support (New in MP3): Extend support to Windows Server Core 2008/2012, Windows Embedded POSReady7, SUSE Linux Enterprise Server 11 SP3 (32-bit and 64-bit). See Symantec Critical System Protection Platform and Feature Matrix for details.

Key Features

• File Integrity Monitoring: Identify changes to files in real-time, including who made the change and what changed within the file.
• Configuration Monitoring: Identify policy violations, suspicious administrators or intruder activity in real-time.
• Targeted Prevention Policy: Respond to server incursion or compromise immediately with quickly customizable hardening policies.
• Granular Intrusion Prevention Policies: Protect against zero day threats and restrict the behavior of approved applications even after they are allowed to run with least privilege access controls.
• File, system and admin lock down: Harden virtual and physical servers to maximize system uptime and avoid ongoing support costs for legacy operating systems.
• Broad Physical Platform Support: Monitor and protect Windows and non-Windows based platforms including Solaris, Linux, AIX, HP-UX; additionally leverage Virtual Agents for unsupported/less common platforms.
• Protect and Monitor vSphere: Leveraging out-of-the-box policies based on the latest vSphere hardening guidelines, organizations are able to completely protect their environment – at the management server, hypervisor and guest.
• Centralized Management: Simplify administration of heterogeneous systems with real-time visibility into events and graphical reporting capabilities.
• Integration with IT GRC and SIEM Solutions: Supported integration with Symantec Control Compliance Suite for unified assessment and monitoring of infrastructure and information, as well as with Symantec Security Information Manager for advanced incident correlation and management.

Key Benefits

• Achieve complete protection for vSphere leveraging out-of-the-box policies based on the latest vSphere hardening guidelines.
• Stop zero-day and targeted attacks on servers with targeted prevention policies.
• Real-time visibility and control into compliance, in a single real-time monitoring and prevention solution.

Comprehensive protection for VMware environments

In a virtual environment, applications and operating systems are subject to the same cyber attacks that are present in a physical environment. Even further, additional attack surfaces such as the hypervisor and management server need protection. When considering security in virtual environments it is important to select a technology that will defend against insider abuse and external threats across the virtual fabric without compromising performance. Critical System Protection is optimized to protect and monitor vSphere 5.0. Leveraging out-of-the box policies based on the latest vSphere hardening guidelines organizations are able to completely protect their environment at the management server, hypervisor, and guest. Key capabilities include:

• VMware vCenter™ management server protection (New): Harden vCenter based on VMware hardening guidelines.
• VMware ESX and VMware ESXi™ hypervisor protection (New): Prebuilt policies to monitor and block malicious activity.
• VMware ESX and ESXi guest protection: Prebuilt policies to harden virtual machines based on unique workload.

Stop internal and external attacks to servers

Servers are frequently targeted by cybercriminals during in the incursion, discovery, and capture phases of a data breach. The techniques used against servers today range from sophisticated penetration techniques to unintentional configuration mistakes by insiders. Critical System Protection allows organizations to protect against internal and external attacks such as Microsoft SQL injections, buffer overflows, and vulnerability exploits in addition to malicious insider abuse and system mis-configurations. By hardening the data center, stop further penetration and prevent the loss of sensitive information. Key capabilities include:

• Targeted prevention policies: One-click prevention policy that can be applied in a breach scenario, or as a way to move from monitoring to prevention.
• Process Access Control (PAC) (New): Prevention against a new class of threats utilizing comprehensive IPS protection. PAC provides additional controls over a running process.
• Out of the box IDS and IPS policies: Prebuilt policies for Windows environments that will monitor and prevent suspicious server activity.
• Application and device control: Lock down configuration settings, file systems, and use of removable media.
• Host firewall: Control inbound and outbound network traffic to and from servers.
• Symantec™ Security Information Manager: Compatibility with Symantec’s leading security incident and event management solution.

Gain real-time visibility into IT compliance posture

To comply with external regulations such as PCI Data Security Standard 2.0 (PCI DSS), North American Electric Reliability Corporation (NERC) and others, organizations must routinely monitor their environment for policy violations and implement compensating controls. In a single solution, Critical System Protection enables organizations to perform real-time monitoring, consolidate event logs for reporting and analysis, while preventing further policy violations with granular policy-based controls. Demonstrate compliance with a centralized solution. Key capabilities include:

• Real-time file integrity monitoring: Identify changes to files in real-time including who made the change and what change occurred.
• Configuration monitoring: Identify policy violations and suspicious activity in real-time.
• IT analytics cube integration (New): Leverage flexible and enhanced dashboarding capabilities augmenting existing Critical System Protection reporting for increased visibility.
• Consolidated event logging: Consolidate and forward logs for long term retention, reporting, and forensic analysis.
• File and system tamper prevention: Lock down configuration, settings, and files.
• Compensating HIPS controls: Restrict application and operating system behavior using policy-based least privilege access control.
• Symantec™ Control Compliance Suite: Compatibility with Symantec’s unified IT compliance solution.

Patch mitigation for new and legacy operating systems

• Applying software patches to new and legacy operating systems improves security posture but also causes system downtime. In addition, paying for extended support for end of life operating systems can be costly and unsustainable. With Critical System Protection, reduce the maintenance costs associated with legacy system support and protect critical systems between patch cycles. By hardening the applications and operating systems of new and legacy systems, customers can ensure maximum security of data centers and maximize system availability. Key capabilities include:
• System hardening: Lock down configuration and settings of critical servers.
• Least privilege access control: Restrict the behavior of applications and operating systems using granular policy based controls.
• Broad physical and virtual platform support: Broad physical and virtual platform support:

System Requirements:

Symantec Critical System Protection Management Server

• Microsoft Windows Server
• SQL Enterprise Server

Symantec Critical System Protection Management Console

• Microsoft Windows
• Java client or web console

Symantec Critical System Protection Agent

• Microsoft Windows
• Sun Solaris
• Red Hat Linux
• SUSE Linux
• HP-UX
• IBM AIX
• VMware ESX Console OS

Documentation:

Download the Symantec Critical System Protection Datasheet (PDF).