
Evaluate The Cybersecurity Company Symantec On Operational Technology Security

On jump servers and engineering workstations, Symantec Endpoint Protection (SEP) is competent. It stops commodity malware that might jump from the corporate LAN to the OT network. For basic hygiene at the converged edge, it works.

The Bad: Fundamental Misalignment with OT

1. No Native Passive Asset Discovery

Mature OT security starts with passive network monitoring (e.g., Nozomi, Claroty, Dragos). Symantec has no native deep packet inspection (DPI) for industrial protocols (Modbus, DNP3, Profinet, OPC UA). You cannot discover a PLC, RTU, or IED without deploying an agent—which most OT devices cannot run. This is a fatal flaw.

Symantec’s cloud-based threat intel is IT-focused. In a factory, legitimate firmware updates, engineering toolkits, or ladder logic compilers often get flagged as "suspicious." OT teams refuse to deploy tools that require constant whitelisting of routine industrial behavior.

– Suitable for light IT/OT convergence, but not for critical infrastructure.

The Good: Where Symantec Still Works

1. Symantec Critical System Protection (CSP) – The Lone Bright Spot

CSP is a lightweight, whitelisting-based agent. Unlike antivirus, it doesn’t rely on signature updates. It enforces file integrity, registry/configuration changes, and application control. This is excellent for legacy Windows-based HMIs and SCADA servers where patching is impossible. It’s one of the few Symantec tools that won’t crash a 15-year-old power plant controller.
