The Cybersecurity Company Symantec On Operational Technology Security Better — Evaluate

Symantec’s cloud-based threat intel is IT-focused. In a factory, legitimate firmware updates, engineering toolkits, or ladder logic compilers often get flagged as "suspicious." OT teams refuse to deploy tools that require constant whitelisting of routine industrial behavior.

If your organization is already deeply embedded in Broadcom’s ecosystem (e.g., Symantec DLP, Proxy, Endpoint), adding OT security is cheap and easy to log. Centralized management via EDR/SEIM plugins reduces overhead. Symantec’s cloud-based threat intel is IT-focused

– Suitable for light IT/OT convergence, but not for critical infrastructure. The Good: Where Symantec still works 1. Symantec Critical System Protection (CSP) – The Lone Bright Spot CSP is a lightweight, whitelisting-based agent. Unlike antivirus, it doesn’t rely on signature updates. It enforces file integrity, registry/configuration changes, and application control. This is excellent for legacy Windows-based HMIs and SCADA servers where patching is impossible. It’s one of the few Symantec tools that won’t crash a 15-year-old power plant controller. Centralized management via EDR/SEIM plugins reduces overhead

Verdict: A legacy IT giant struggling to retrofit its signature endpoint technology for the unique demands of Operational Technology. While the Critical System Protection (CSP) agent is a niche gem, the broader portfolio lacks the purpose-built asset discovery, passive network monitoring, and "safety-first" philosophy required for mature OT security. Symantec Critical System Protection (CSP) – The Lone