Symantec announced the general availability (GA) of the Symantec™ Industrial Control System Protection (ICSP) product on July 2, 2018.
This article contains the following:
Overview of the new features and enhancements made in the release
ICSP 5.4.0 documentation (PDF version)
ICSP 5.4.0 Quick Start guide
ICSP Data Sheet
Note: The PDF version of the Symantec ICSP 5.4.0 documentation, which is attached to this article and is also available under the Support tab on the ICSP Web console, is a snapshot generated from the online Help at the time of the product release. It will be outdated if the online Help is updated.
New features and enhancements made in the release
The new features and enhancements made in version 5.4.0 of the Symantec ICSP product are as follows:
Scanner engine enhancement: To ensure fast, scalable, and reliable protection of your IoT systems, Symantec ICSP is now powered by the Symantec AV Engine. Some highlights of the Symantec AV Engine are as follows:
It is powered by advanced machine learning, and supports signature-based, simulation-based and reputation-based security.
It provides increased scanning performance and improved detection capabilities.
It supports automated download and update of the definition files with no interruption in malware scanning.
Alternative third-party scanner engine options are no longer supported by ICSP.
For more information, see the Overview of the Symantec ICSP scanner engines topic in the attached PDF version of the ICSP 5.4.0 documentation.
Syslog telemetry information enhancements: For Security Information and Event Management (SIEM) or Security Operations Center (SOC) integration, the scanner station now sends the following information to the configured syslog server:
When a scan is initiated, the scanner station notifies the syslog server about malware detection events, detailed information about the removable USB device (USB device name, vendor ID, and product ID), detected malware and the corresponding path, and actions taken on the detected malware.
When a scan completes, the aggregated report with the details of the scanned removable USB device, malware detection count, and count of the actions taken on the malware is sent to the configured syslog server.
For more information, see the Managing SNMP notifications topic in the attached PDF version of the ICSP 5.4.0 documentation.
ICSP licensing enhancements: The process to activate ICSP, use the offline updater, and renew the ICSP license has been made more secure. You are now required to upload your ICSP license file and enter the ICSP appliance serial number to perform these activities.
For more information, see the Generating the Symantec ICSP license file topic in the attached PDF version of the ICSP 5.4.0 documentation.
Note: If you have any questions related to renewal of your ICSP license, contact https://support.symantec.com/ or your Symantec sales partner.
Symantec rebranding changes: Symantec ICSP has evolved from the erstwhile Blue Coat ICS Protection product. Symantec has made significant enhancements to the product by leveraging its best security technologies against any USB-borne malware. Keeping in tune with the wide array of Symantec products, ICSP has been rebranded. The product is now officially branded as Symantec™ Industrial Control System Protection. The ICSP Web console and the scanner station screens have been updated to reflect the Symantec branding.
Symantec ICSP documentation enhancement: The Symantec ICSP documentation is now available as an online Help in addition to the existing PDF version.
The Symantec ICSP online Help makes information easy to retrieve through a search mechanism, displays related articles and other critical information resources, and enables you to provide feedback on the available information.
Enhanced Windows platform support: Support for the Microsoft Windows Server 2016 platform has been added. For more information, see the Overview of the supported Windows platforms topic in the attached PDF version of the ICSP 5.4.0 documentation.