Symantec Data Center Security, as a name, represents the perfect solution if you want to harden your servers. The product includes an IPS and IDS without signature-based detection. Whatever you need to control—processes, network traffic, or user access—you can accomplish it. It is a comprehensive solution for security.

Most companies use Symantec Data Center Security to harden their servers. Consider the legacy servers from 2003 running Windows that are now obsolete. Most countries still use these servers as legacy infrastructure with no patches coming after three years. Symantec Data Center Security is the best solution if you do not have another way to patch those servers. No one will change anything until they become aware of it.

Symantec Data Center Security operates without IPS signature detection. This means you whitelist the processes that need to run on the solution. Once whitelisted, any process or script you try to run that is not whitelisted will not be allowed. Whatever you have whitelisted is acceptable because you know those processes. If something new happens, such as an attacker changing credentials to run a script, those scripts will not be in the whitelist, so they will not run. This solution is the best for DMZ servers, critical servers, and ATM systems. If you examine ATMs, most are located outside the building. Symantec Data Center Security is the best solution for hardening these systems because if someone tries to manipulate access, the solution will prevent it.

As an IDS, Symantec Data Center Security is perfect. There is a bunch of policies already included in the solution. If you want to monitor Active Directory, you apply an IDS policy for Active Directory. If you want to monitor Oracle servers, there is a policy for Oracle. You simply add the policy, and anything that changes will alarm you.

IDS means you can overview what happens on the server. Each and everything is there. Syslogs exist on Windows servers, but it is very hard to know what is going on. Symantec Data Center Security elaborates for you who made a change, where, and what they changed.

The solution is designed so that you first implement the Symantec Data Center Security agent, and the first policy you apply is without protection. IPS typically prevents anything you apply it to, but Symantec Data Center Security includes a learning mode. You apply an IPS policy without protection and during the first week you see how many processes are running daily, then you whitelist them. Otherwise, you do not know what is necessary to run the application. A policy gives you the leverage to be in hardening mode, protecting mode, or learning mode. This learning mode for the IPS is the beauty of this application.

The primary focus of data center security often revolves around serving customers who offer services to other clients within the data center. For example, if I operate a data center and provide security services, third-party customers might purchase virtual machine products within my data center. These products are automatically deployed, and we safeguard these virtual machines using intrusion prevention system features. This aspect is considered the most valuable part because when we set up these security policies, it's as if we're fortifying the entire infrastructure. It's not just about having good technical support; it's about having a robust IPS and comprehensive DOS  prevention system on those operating systems. The advantage of Data Center Security is its ease of use and that it serves as a single unified platform, where I can apply all my security policies to protect that server.

The standout feature for me is the precision of Symantec Data Center Security. It ensures that only the right folks can access our machines, especially the critical and genuine folders. The real strength lies in its straightforward approach, offering just two key policies: prevention and detection. It is like having a robust gatekeeper for our system.

The standout feature is its robust hardening capability. The ability to finely control permissions and restrictions on servers or assets through a customizable rule set is a key strength. This granularity allows for tailored adjustments in line with organizational policies, making it a valuable aspect of the solution.

The beauty of the product is the complete system lockdown feature. It ingests all the logs over a month, including the daily processes, tasks, legitimate users, and activities. The tool will then detect any anomalies, such as an intruder who has breached the network, which can trigger the system lockdown feature if it's enabled and meets the defined threshold.

The prevention feature, for which we could restrict the users, is useful. Let's say there were one Lotus Notes or there was one Domino server that had the directory of all the email users in the organization, and there were around 40,000 users with email accounts in that particular customer location. Apart from a few on top, for example, trusted administrators, no one in the organization should have access to be able to change anything. Even the server admin owner who has created that server cannot do anything and cannot apply a dot or delete that dot from the directory through this particular tool.

We configured it in such a manner so that, apart from those five administrators, no one from the entire organization or an attacker will not be able to make any changes in the directory itself. They cannot spoil it, and they cannot use the information. Even the read access of that particular directory can be revoked from an administrator. 

The granularity of applying the policies is valuable. It is really helpful. Other solutions we use lack granularity.

We use the product to prevent unauthorized access to data, systems, and servers. It provides essential features for data center security.

The console and tools are very user-friendly. We can easily fetch reports and upload them in the report logs. It's very easy for us.

The file integrity monitoring features are the most valuable features of this product. 

The most valuable feature is the centralized console, which can handle different products that we have. It is essentially a segregation option.

The most valuable feature is the endpoint protection system.

The most valuable feature is that the protection of the hard disk security is built in, so it is a ready-to-use product. The monitoring in the management console allows us to find out what is going wrong, and it gets reports even before the user reports it.

Having it in advance of the user is important because it takes time to comprehend. Once we know what is going on and who is doing it, we can act accordingly. We have created our own workflow mechanism as an outcome of this, and we can update the identity and provisioning if any modifications need to be done.