AWS IoT Device Defender vs. Symantec Critical System Protection

We have used AWS IoT Device Defender to safeguard our client's IoT senors placed in a manufacturing unit for implementing Industry 4.0 solutions. Its machine learning and automation capabilities have ensured that we get alerts whenever something abnormal or spike in a particular metric is detected which lets us sleep at night. Didn't find any scenario where it is less suited.

Symantec Critical System Protection (CSP) is very well suited for environments that do not change such as point of sale systems and critical servers. This product is spectacular at protecting end of life operating systems when supporting legacy software prevents upgrades. When security updates are no longer available, CSP will prevent exploits and other malware from taking advantage. This product is not well suited for systems that require a lot of changes. For one, it does not notify when a change has been blocked by CSP, causing some server administrators to waste many hours chasing a phantom technical problem when turning off CSP could have solved it right away. Also, profiling takes time so systems that constantly change would need hundreds of exceptions made.

Incentivized

• software is having an easy interface
• prevents malicious data inflow/outflow from the AWS resources
• collect data from different devices
• generating alerts in case of any threshold.
• Unique identity per device

• Data Center Security 6.0 and higher allows you to easily build out policies to deploy to monitor/block what is required/needed.
• The agent that is installed on the hosts has a small footprint in terms of CPU and memory usage.
• The ability to customize it anyway you need to as well as utilize out of the box policies to monitor critical OS functionality.

• Support to more range of Application vulnerabilities
• Data Management can be richer
• Limited Computing Power at times

• Tuning takes a very long time
• Turning the product on or off can take time
• When an action is prevented by CSP, there is no pop up or notification, making this a burden for server administrators

Incentivized

They respond quickly and efficiently without the need to reiterate the actual issue. Their backline support is amazing and always there for us when it is needed. They explain the troubleshooting steps taken and what they did to help us resolve the issue just incase it creeps up again we have the information to correct it ourselves.

We evaluated Bit 9 and you have more flexibility with the rule set and do not rely on the cloud to tell you what is approved and not approved. You build out the policies the way you need them to be and who better knows the environment that the people that work it daily.

• It's ML part which is already trained and on the top of that we can add our own model to define device behaviors to monitor traffic and set the upmost security.

• Great protection for unchanging systems
• We have comfort that the protected systems are safe from intrusion
• Excellent price

Incentivized