Symantec announces new proactive behavior based host intrusion prevention solution

Symantec Critical System Protection provides zero-day protection against application and operating system attacks, enhanced auditing and compliance enforcement, enterprise reporting capabilities, and improved manageability of heterogeneous environments from a single management console. Using a unique combination of signature and behavior based detection; this enterprise class product helps prevent system downtime while protecting critical information assets.

"Preventing an information security breach or loss of customer data on critical systems is paramount to avoiding possible damage to the reputation of companies in the region, as well as worldwide. Protecting personal information is a high priority for customers in the region, and we have seen an increasing number of customers coming to us to talk about proactive prevention solutions supported with Symantec services" commented Ivor Rankin, Senior Manager, Technical Consulting, Symantec MENA. "Backed by Symantec's global intelligence network, Symantec Critical System Protection integrates real time behavior based intrusion prevention with host intrusion detection to protect and respond against known and unknown attacks."

"As legislation becomes increasingly important to institutions in the Middle East, companies will be increasingly required to demonstrate that they are doing more to protect the confidentiality of customer and company information" Rankin continued. "Furthermore, as the region becomes more significant in the global economy, hackers are starting to turn their attention to servers in the region that could yield a wealth of confidential information. Employing a solution such as Symantec Critical System Protection 5.0 enables a company to be more on guard, with the ability to automate their incident response capability thereby preventing and mitigating attacks in real-time."

Symantec Critical System Protection is part of a comprehensive portfolio of managed and unmanaged end point devices, and enables enterprises to regain control of network security and ensure compliance across the organisation. When deployed alongside Symantec Client Security or Symantec AntiVirus Corporate Edition, Symantec Critical System Protection specifically safeguards applications and operating systems without the need for a known signature or patch. It delivers powerful behavior-based intrusion prevention technology for network protection, exploit prevention, system control, along with system audit and alerting capabilities. Buffer overflow and memory-based attack protection provide added defense against the most sophisticated attacks, while a high-performance firewall monitors network traffic with the ability to block inbound and outbound connections by application, port, protocol and IP address range.

Advanced auditing, monitoring and alerting capabilities along with enterprise class reporting provides detailed, granular analysis to ensure adherence to regulatory compliance requirements. Log consolidation and monitoring capabilities allow for complete event discovery and can be forwarded to Symantec Security Information Manager for correlation analysis and to conduct computer forensic investigations. In addition, the management console can be configured to deliver automatic notification alerts to ensure rapid response to high priority incidents.

To reduce the complexity of administration, Symantec Critical System Protection provides out-of-the-box configurable security policies to lock down the operating system, applications, and databases. These policies automatically adapt to the operating system and applications installed, including custom in-house applications, thereby eliminating the need to configure different policies based on the type of application or machine. Symantec Critical System Protection also prevents unauthorised executables from being introduced and run, along with "de-escalation" of administrative user privileges to restrict access and protect against malicious behavior. Furthermore, IT administrators can configure policy controls over device management, such as USB drive access, CD ROM writing and non-VPN protected wireless connections to prevent the leakage of sensitive customer information.

"Compliance management and zero-day protection of critical assets is a key priority for today's leading enterprises, concludes Rankin. "Symantec Critical System Protection therefore provides regional customers with a comprehensive, enterprise class security solution with multiple layers of protection to guard against new emerging and blended threat strategies."

Availability

Symantec Critical System Protection 5.0 is scheduled to be available in late December through Symantec's worldwide network of value-added resellers, distributors and systems integrators. Organizations seeking a reseller or distributor should contact Symantec at http://enterprisesecurity.symantec.com .