Symantec™ Critical System Protection
See what Symantec™ Critical System Protection can do for your organization.

Symantec™ Critical System Protection Use Case Catalog

Ensure maximum server security across physical and virtual environments.

Comprehensive protection for evolving data centers

“Traditional endpoint security solutions are not able to meet the varying confidentiality, integrity, and availability requirements unique to different servers and their workloads.”

Ensuring security in the data center is an ongoing concern. With evolving threats, rapid data center changes (including virtualization), and increasingly stringent compliance requirements, organizations may find their traditional security solutions inadequate. Traditional endpoint security solutions may provide useful layers of defense on individual computers, but are not able to meet the varying confidentiality, integrity, and availability requirements unique to different servers and their workloads. This is particularly challenging as organizations virtualize more of their servers.

10 reasons why server security is imperative

- 67 percent of breaches occur on servers [1]
- Target of insider and advanced threats
- Require protection against malicious activity as well as configuration change visibility
- Core component of IT network and infrastructure
- 94 percent of stolen data is from servers [1]
- 75 percent of x86 servers will be virtualized by 2013 [2], which will introduce a new set of risks
- Require custom protection of critical data
- Need to support business critical workflow and/or apps
- Continuous availability highly important

Industries we protect:

- Retail
- Government
- Finance
- Healthcare
- Education

Why choose Symantec?
- Tried-and-trusted server security solutions
- Systems protected by Symantec remained uncompromised at the Black Hat Conference 2011 and 2012
- VMware® Ready™ Data Protection Status
- Broad range of platform support
- Comprehensive solutions
- Policy-based protection
- Secure platforms spanning physical and virtual

1: 2012 Data Breach Investigations Report, Verizon, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
2: Forrester, The CISO’s Guide To Virtualization Security, January 2012

Symantec Critical System Protection strategic use cases

To address these challenges, Symantec™ Critical System Protection has been designed to safeguard dynamic virtual and physical infrastructures – from single data centers to the most complex mixed private-public cloud environments. By monitoring and protecting servers using granular, policy-based controls, your organization can proactively safeguard heterogeneous server environments and the information they contain.

Browse the strategic uses of Critical System Protection and identify which ones can help your organization reach its business objectives.

- Use case 1: Harden and protect your VMware® infrastructure
- Use case 2: Protect your domain controllers
- Use case 3: Address PCI compliance requirements
- Use case 4: Stop zero-day attacks and reduce cost of support
- Use case 5: Shield embedded systems from targeted attacks

Use case 1: Harden and protect your VMware infrastructure

Are you meeting VMware hardening guideline requirements? How do you restrict unauthorized access to your virtual environment? How do you protect the management server, hypervisor, and guest VMs?

Why it matters

Piecemeal security technologies, such as antivirus and whitelisting, are unable to protect virtual servers sufficiently, due to varying confidentiality, integrity and availability requirements.
Without a way to protect each layer of the virtual fabric, servers as well as the applications and information they contain, will be exposed, increasing the risks of data breach and critical business downtime.

Symantec solution

Critical System Protection secures your VMware vSphere® environments through a combination of out-of-the-box host intrusion detection (HIDS) and intrusion prevention (HIPS) policies based on the latest VMware hardening guidelines.

Key benefits

- Gain maximum protection across the VMware® vCenter™ management server, ESXi hypervisor, and guest virtual machines
- Leverage out-of-box protection using both host-based intrusion detection (HIDS) and intrusion prevention (HIPS)
- Harden, protect, and monitor Microsoft® Windows®-based vCenter servers against unauthorized access, zero-day, and targeted attacks
- Monitor the hypervisor for unauthorized access

“Sealed Air intends to roll out Critical System Protection in more than 1,000 physical and virtualized data center servers. The host-based intrusion detection and intrusion prevention capabilities of Critical System Protection, along with more granular policy-based controls, will give us more robust endpoint security for our data center environment.”
— Clay Boswell, Director of Information Assurance, Sealed Air Corp.

How it works

- Harden vSphere by securing the vCenter Server and application stack with a Critical System Protection agent installed on the Windows Server
- Monitor all ESXi hypervisor hosts remotely through VMware vSphere Command-Line Interface (vCLI)
- Harden and protect each virtual server’s unique workload with Critical System Protection agents in each guest virtual machine
- Leverage out-of-box custom reports for your VMware environment

Use case 2: Protect your domain controllers

How do you secure your Active Directory (AD) environment, specifically the domain controllers that are the gatekeepers of your organization’s critical information?
Can your organization afford a domain controller attack? How can you prevent your domain controller user database file from getting in the wrong hands?

Why it matters

Many cyber criminals attempt to access user credentials through AD environments. Hence, AD domain controllers are popular targets of attack. The number of threats against AD continues to rise and a breach can yield potentially devastating consequences.

Symantec solution

Critical System Protection secures and hardens your domain controller using policy-based prevention and real-time detection.

Key benefits

- Stop internal and external attacks on domain controllers
- Reduce risk by blocking unauthorized access
- Protect your critical infrastructure by locking down the AD database files

Customer success story

After a devastating security breach, an aerospace company leveraged Critical System Protection to successfully lock down their domain controller environment, preventing unauthorized access to confidential database files. With Critical System Protection, they have been able to prevent zero-day attacks and other malicious activities because only trusted sources are allowed to run on domain controllers.

How it works

- Leverage out-of-box “strict” HIPS policy to lock down the Windows server and protect it from zero-day and targeted attacks
- Prevent malware from accessing resources on the domain controller through Least Privilege Access Control/Sandboxing technologies
- Control inbound and outbound network traffic to and from the AD domain controllers through Host Firewall
- Restrict application and user access to AD database files
- Continuously monitor, control, and report on changes to key configuration files with Real-time File Integrity Monitoring (FIM)

Use case 3: Address PCI compliance requirements

How do you meet and maintain Payment Card Industry Data Security Standard (PCI DSS) compliance on your servers? How do you protect valuable cardholder data and maintain PCI DSS compliance?
How do you detect configuration changes and prevent configuration drift?

Why it matters

To meet PCI DSS compliance, organizations need to constantly monitor their environment for policy violations, while implementing compensating controls for any exceptions to PCI DSS mandates.

Symantec solution

Critical System Protection performs real-time monitoring, consolidates event logs for reporting and analysis, prevents policy violations and tampering to configurations, and also provides compensating controls to meet specific PCI DSS compliance requirements – all in a single solution.

Key benefits

- Protect PCI data and servers from compromise
- Meet ongoing PCI DSS requirements (specifically requirements 1.3, 5, 7, 10, 11)
- Reduce risk through real-time detection of unauthorized behavior
- Get faster insight into problems that could impact security
- Undertake forensic investigation quickly to determine the best course of action

Customer success story

A large financial institution wanted a behavior-based security solution and policy-based protection to address FIM, PCI and SOX requirements. With Critical System Protection, they are able to get FIM capabilities out-of-the-box, and can deploy policies quickly to meet their growing requirements. They have increased their security posture in their DMZ, maintained ongoing PCI DSS compliance, identified problems with misconfigured applications, and gained visibility into configuration management challenges they didn’t even know existed.

How it works

- Continuously monitor, control, and report on changes with File Integrity Monitoring
- Detect changes from desired configuration with out-of-the-box detection policies
- Restrict user, applications and network access to PCI devices assets using policy-based least privilege access control
- Leverage real-time dashboards, automated reporting, and alerts identifying weaknesses in security
- Track security status and quickly investigate incidents with consolidated event logging
- Lock down configuration, settings and files with File and System Tamper Prevention

Use case 4: Stop zero-day attacks and reduce cost of support

How do you protect your servers from unknown vulnerability exploits (zero-day attacks)? How do you protect your legacy operating systems without paying for costly extended support? Cybercriminals are taking aim at your systems between patch cycles; is your security up to the challenge?

Why it matters

Legacy operating systems require costly software security patches to maintain their security posture. Applying patches can cause system downtime, and cybercriminals can attack these systems between patch cycles by exploiting zero-day vulnerabilities.

Symantec solution

Critical System Protection can block unauthorized applications on servers, protect against zero-day attacks, reduce the maintenance costs associated with legacy system support, and protect systems between patch cycles.

Key benefits

- Prevent exploit of known and unknown vulnerabilities to stop zero-day attacks
- Protect legacy Windows NT® and Windows® 2000 systems
- Get immediate protection with out-of-the-box policies
- Gain greater security visibility and mitigation during patch cycles
- Shield software vulnerabilities from being exploited until patches can be developed and deployed
- Eliminate costly downtime and emergency patching
- Reduce risk of breach for unknown and unpatched vulnerabilities

Customer success story

A large retailer needed to support and protect old Windows NT and 2000 machines. Instead of paying Microsoft for extended support, Critical System Protection was used to lock the systems down and prevent misuse, resulting in a significantly lower cost and lower risk.

How it works

- Harden the operating system and prevent known vulnerabilities from exploit with out-of-the-box IPS policies that are specifically tuned to the particular operating platform
- Restrict behavior of applications and operating systems using granular policy based controls and sandboxing
- Delay patch deployment until your regular patch cycle with a default-deny security posture for any unknown/new executable
- Prevent applications from being exploited via memory buffer overflow attacks on Windows 32- and 64-bit systems
- Leverage broad physical and virtual platform support across all 5 major platforms, i.e., Windows, Linux®, AIX®, Solaris™ and HP-UX®

Use case 5: Shield embedded systems from targeted attacks

How do you stop advanced attacks on point-of-sale (POS) machines, kiosks, automated teller machines (ATMs) and Industrial Control System (ICS) servers without the need for continuous signature updates? How are you controlling unauthorized applications from being installed on embedded systems? How do you ensure your ICS or shop floor IT system is secure from targeted attacks?

Why it matters

POS systems, kiosks, ATMs and ICS servers are mission-critical equipment for many organizations.
However, these systems often have little protection against today’s multiple threats, such as targeted attacks, running of unauthorized applications and credit card theft. Traditional antivirus software can be employed by organizations, but they can negatively impact system performance through continuous signature updates.

Symantec solution

Critical System Protection can lock down and secure these embedded systems against unauthorized applications and malware with a lightweight but comprehensive security solution that is based on security policies and behavior lock-down, not continuous antivirus signature scans.

Key benefits

- Stop malware from infecting embedded systems through advanced threat protection
- Reduce costs associated with patching cycles and signature updates
- Leverage a low footprint security solution that runs transparently, without the heavy resource utilization, and constant signature updates of traditional solutions
- Meet compliance requirements
- Monitor and maintain globally dispersed embedded systems easily

“With Symantec Critical System Protection, Symantec supplies the best basis for Intrusion Protection on the market today. The collaboration with a strong partner like Symantec enables Wincor Nixdorf to further strengthen its successful security solution portfolio in the long term,”
— Bernd Redecker, Head of Security Solutions Banking, Wincor Nixdorf.

How it works

- Lock down configuration settings, systems and use of removable media with application and system control
- Continuously monitor, control, and report on changes to configuration files with File Integrity Monitoring
- Leverage a lightweight Critical System Protection agent to minimize performance impact
- Restrict applications and network access to systems using policy-based least privilege access control/sandboxing

More information

Visit the website
symantec.com/critical-system-protection

To speak with a Product Specialist in the U.S.
Call +1 800 745 6054

To speak with a Product Specialist outside the U.S.
For specific country offices and contact numbers, please visit the Symantec website.

About Symantec

Symantec protects the world’s information and is the global leader in security, backup, and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our industry-leading expertise in protecting data, identities, and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at go.symantec.com/socialmedia.

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.