SYMANTEC CORPORATION in Industrial Control Systems Security Solutions

The company provides ICS security solutions for both operators to secure their plants and infrastructure, as well as, for equipment vendors to increase the security of their products. Symantec’s Critical System Protection (SCSP) helps plant/infrastructure operators protect their equipment from sophisticated attacks. SCSP offers robust, signature-less, and host-based protection in managed and unmanaged scenarios, without compromising the device’s performance to manufacturers and asset owners of embedded systems. Some of the key features of SCSP are application whitelisting, application specific network firewall controls, integrated host-based firewall, USB device whitelisting, auto-sandboxing, anti-exploit mitigation techniques, and deep application discovery.

Symantec Critical System Protection

Symantec Critical System Protection 5.2.6 implements adaptable controls against the known and obscure vulnerabilities affecting one’s basic framework. The administration support empowers executives to arrange and keep up security strategies, oversee clients and jobs, see cautions, and run reports crosswise over heterogeneous working frameworks. Basic System Protection offers adaptable server security that controls client and application practices, squares unseemly system traffic and occasions, and provides non-signature strategy based ways to deal with suit server outstanding burdens dependent on an assortment of server profiles. Framework conduct can be constrained by counteracting explicit activities that an application or client may take and reviewing framework forms, documents, log information, and basic settings for unseemly movement. Basic System Protection encourages meeting consistence necessities by conveying complete review proof by means of combined occasion logs, investigation, and revealing.

Improved Host Protection

• System and device controls lock down configuration settings, file systems, and prevent installation and execution of unauthorized executables
• Zero-Day protection against known and unknown attacks without the need for signature updates
• Out-of-the-box OS hardening via standard policies that ensure an enhanced level of security to the OS

High Performance Operation

• Modular Policy Architecture reduces lengthy rules processing
• Adaptive risk profile protection allows flexible policy enforcement based on server types
• Prevent unauthorized user access and application downloads

Granular Controls across Diverse Server Environments

• Broad platform coverage includes Windows®, Solaris®, Linux®, AIX®, HP-UX®, VMware (console OS and guest VMs), and Virtual Agent for unsupported/less common platforms

Easy Policy-based Deployment and Administration

• Automate responses to events with multiple actions and countermeasures including console alerts, e-mail, SNMP trap, disabling the user account, and executing a command or event logging
• Expand detection policies via the console, allowing more detection rules with fewer policies and edits
• Quickly enforce restrictions to enforce security policies before patches exist or have been deployed

Policy Viewer

• Provides detailed information on HIDS/HIPS policies

Benefits: – Quick assessment of system policies and settings

HIDS Policy Enhancements for Windows

• Reorganized per operating system environment to enhance modularity
• New detections of SQL injection, directory traversal, vulnerable CGI scripts, blacklist IP, malicious strings, and SEP actions

Benefits: – Easier PCI file integrity and user monitoring

File Monitoring Enhancements for Windows

• Monitor ACL’s in file attributes
• Intelligent real-time file hashing (FIPS 180-2)
• Track username and processes associated with file modification within HIDS

Benefits: – Better performance with no polling interval hashing and more granular file integrity monitoring

Unicode Log Monitoring for Windows

Benefits: – Improved log monitoring for critical applications

PCI Policy Guidelines

• Targeted for PCI requirements 10.3, 10.5, and 11.5 for monitoring files, configurations, and users

Benefits: – Reduced complexity for PCI compliance

HIPS Enhancements

• Control over outsourced and remote administrators
• Multiple custom IPS policies per agent
• Enhanced GUI options for policies

Benefits: – Easier management of multi-tier prevention policies

Windows XPe Agent Support

Benefits: – Extends detection and prevention capabilities (especially for PCI requirements) to embedded systems such as retail PoS and medical devices