# New Host Intrusion Prevention from Symantec



## CompXP2006 (Jan 1, 2006)

*Symantec Announces New Proactive Behavior-Based Host Intrusion Prevention Solution*

CUPERTINO, Calif. - December 12, 2005 - Symantec Corp. (NASDAQ: SYMC) announced Symantec Critical System Protection 5.0, a proactive behavior-based intrusion prevention solution for multi-layered protection of servers and critical clients running on Windows, UNIX and Linux platforms. Available later this month, Symantec Critical System Protection provides zero-day protection against application and operating system attacks, enhanced auditing and compliance enforcement, enterprise reporting capabilities, and improved manageability of heterogeneous environments from a single management console. Using a unique combination of signature and behavior-based detection, this enterprise class product helps prevent system downtime while protecting critical information assets.

"Preventing an information security breach or loss of customer data on critical systems is paramount to avoiding possible damage to a company's brand reputation," said Chirantan "CJ" Desai, director of product management for client and host security at Symantec. "Backed by Symantec's global intelligence network, Symantec Critical System Protection integrates real-time behavior-based intrusion prevention with host intrusion detection to protect and respond against known and unknown attacks."

Symantec Critical System Protection is part of a comprehensive portfolio of endpoint security for both managed and unmanaged endpoint devices, and enables enterprises to regain control of network security and ensure compliance across the organization. When deployed alongside Symantec Client Security or Symantec AntiVirus Corporate Edition, Symantec Critical System Protection specifically safeguards applications and operating systems without the need for a known signature or patch. It delivers powerful behavior-based intrusion prevention technology for network protection, exploit prevention and system control, along with system audit and alerting capabilities. Buffer overflow and memory-based attack protection provide added defense against the most sophisticated attacks, while a high-performance firewall monitors network traffic with the ability to block inbound and outbound connections by application, port, protocol and IP address range.

"Compliance management and zero-day protection of critical assets is a top priority for today's leading enterprises," said Jon Oltsik, senior analyst with Enterprise Strategy Group. "Symantec Critical System Protection provides a comprehensive, enterprise class security solution with multiple layers of protection to guard against new emerging and blended threat strategies."

A centralized management console allows Symantec Critical System Protection to manage endpoint systems across large heterogeneous IT environments. Using the management console, security policies can be set to harden and protect systems by creating a shell around each application to define acceptable behavior and user actions to prevent exploitation or misuse. Advanced auditing, monitoring and alerting capabilities along with enterprise-class reporting provide detailed, granular analysis to ensure adherence to regulatory compliance requirements. Log consolidation and monitoring capabilities allow for complete event discovery, and logs can be forwarded to Symantec Security Information Manager for correlation analysis and to conduct computer forensic investigations. In addition, the management console can be configured to deliver automatic notification alerts to ensure rapid response to high priority incidents.

To reduce the complexity of administration, Symantec Critical System Protection provides out-of-the-box configurable security policies to lock down the operating system, applications, and databases. These policies automatically adapt to the operating system and applications installed, including custom in-house applications, thereby eliminating the need to configure different policies based on the type of application or machine. Symantec Critical System Protection also prevents unauthorized executables from being introduced and run, and provides "de-escalation" of administrative user privileges to restrict access and protect against malicious behavior. Furthermore, IT administrators can configure policy controls over device management, such as USB drive access, CD-ROM writing and non-VPN protected wireless connections, to prevent the leakage of sensitive customer information.

Availability 

Symantec Critical System Protection 5.0 is scheduled to be available in late December through Symantec's worldwide network of value-added resellers, distributors and systems integrators. Organizations seeking a reseller or distributor should contact Symantec at http://enterprisesecurity.symantec.com.



