Symantec Critical System Protection (CSP)
Strengths: Wraps mission-critical environments - OS, applications and more - in protection at both the detection and prevention levels.
Verdict: Ability to address critical systems that are not typical – such as SCADA, ATMs and point-of-sale terminals – as well as the more prosaic servers and endpoints.
The notion of wrappers has been with us for a long time. Back in the early days of Unix and Linux, we used wrappers (tcp_wrappers, for example) to put an access-control check in front of not-so-secure network services, such as telnet, that had none of their own. Today that concept has matured and we see it popping up in modern products. Symantec CSP is a good example. One might characterize CSP as a security wrapper for mission-critical environments. That means that if it is a crucial piece of the computing infrastructure - such as a SCADA system or a medical device controller - it gets the security protection it needs.
But that protection does not stop with those systems. Because CSP is integrated with the enterprise's security infrastructure, it becomes an extension of that environment, extending seamless protection across the enterprise, physical or virtual.
CSP consists of two pieces: a detection component and a prevention component. Detection watches behavior on the monitored systems to determine if something is going on that shouldn't be. The component even extends to watching system admin accounts, something that is a sort of Holy Grail for security administrators because those accounts legitimately have the rights to do almost anything.
The key to CSP is behavioral data. The detection piece monitors everything in the virtualized environment from the hypervisor up through the applications and flags disallowed or potentially dangerous actions; the prevention piece then kills or de-escalates the offending process. So an administrator doing something inherently dangerous - inherently because as an admin he/she has total superuser rights - may be de-escalated to a normal user without those rights.
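To make the detect-then-enforce model concrete, here is a toy policy engine written for this review; it is not Symantec code and says nothing about how CSP is implemented internally. It assumes a simplified event shape (user, process, action, target), an ordered rule set where the first match wins, and a default-deny posture. The sample events are constructed. One point the prose does not spell out: once a privileged process is de-escalated, its later actions are judged as the unprivileged user, so a command that a root rule would have allowed is now refused.

```python
"""Toy host-based prevention wrapper: match each observed action against an
ordered rule set and enforce allow / deny / kill / deescalate.
Hypothetical example for this review, not the product's own policy format."""

from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    user: str      # account the process is running as
    process: str   # executable path
    action: str    # "read", "write", "exec", "connect"
    target: str    # file path, command, or host:port


@dataclass(frozen=True)
class Rule:
    user: str
    process: str
    action: str
    target: str
    decision: str  # "allow", "deny", "kill", "deescalate"


FIELDS = ("user", "process", "action", "target")
DEFAULT_DECISION = "deny"        # anything not explicitly listed is blocked
DEESCALATED_USER = "nobody"      # privilege level a process is dropped to


def matches(rule: Rule, event: Event) -> bool:
    """Shell-style wildcard match on every field (fnmatch '*' spans '/')."""
    return all(fnmatch(getattr(event, f), getattr(rule, f)) for f in FIELDS)


def evaluate(rules: List[Rule], event: Event) -> str:
    """First matching rule wins; unmatched events fall back to default deny."""
    for rule in rules:
        if matches(rule, event):
            return rule.decision
    return DEFAULT_DECISION


def enforce(rules: List[Rule], events: List[Event]) -> List[Tuple[Event, str]]:
    """Run events through the policy, remembering which processes have been
    de-escalated so their later actions are judged as the unprivileged user.
    Keyed by executable path for brevity; a real agent keys on the process
    instance (PID), not the path."""
    effective: Dict[str, str] = {}
    results = []
    for ev in events:
        judged = Event(effective.get(ev.process, ev.user),
                       ev.process, ev.action, ev.target)
        decision = evaluate(rules, judged)
        if decision == "deescalate":
            effective[ev.process] = DEESCALATED_USER
        results.append((judged, decision))
    return results


# Ordered policy: specific protections first, broad allowances last.
RULES = [
    Rule("*", "/opt/scada/ctrl", "exec", "*", "kill"),                     # control process must never spawn anything
    Rule("svc-scada", "/opt/scada/ctrl", "write", "/var/lib/scada/*", "allow"),
    Rule("root", "/usr/sbin/sshd", "*", "*", "allow"),                     # service's normal behavior
    Rule("root", "/usr/bin/bash", "write", "/etc/shadow", "deescalate"),   # admin shell touching credentials
    Rule("root", "*", "exec", "*", "allow"),                               # root may otherwise run commands
    Rule("*", "*", "read", "*", "allow"),
]

# Constructed sample telemetry, in the order the agent would see it.
EVENTS = [
    Event("root", "/usr/sbin/sshd", "connect", "0.0.0.0:22"),
    Event("root", "/usr/bin/bash", "write", "/etc/shadow"),
    Event("root", "/usr/bin/bash", "exec", "/usr/sbin/useradd"),  # judged as "nobody" after de-escalation
    Event("svc-scada", "/opt/scada/ctrl", "write", "/var/lib/scada/tags.db"),
    Event("svc-scada", "/opt/scada/ctrl", "exec", "/bin/sh"),
    Event("alice", "/usr/bin/cat", "read", "/etc/hostname"),
]


def run_demo() -> List[str]:
    """Return just the decisions for the sample events."""
    return [decision for _, decision in enforce(RULES, EVENTS)]


if __name__ == "__main__":
    for judged, decision in enforce(RULES, EVENTS):
        print(f"{decision:10s} {judged.user:10s} {judged.process} {judged.action} {judged.target}")
```

The third event is the one worth watching: the same root shell that was allowed to run commands by the broad root/exec rule is refused once it has been de-escalated, because the rule set is re-evaluated against the reduced identity rather than the account the process started under.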
We liked this product for its ability to address important, but hard to secure, systems and still integrate cleanly into the virtualized enterprise as a whole.