SOC hop

Published: December 4th, 2003
It’s a war on terror you don’t hear about on the nightly news, and the base from which these special ops work is a quiet suburb. But stopping hackers and viruses in their tracks is the mission of the analysts and engineers at Symantec’s security operation centre in Alexandria, Va.

Located in an unassuming industrial park 25 minutes from Washington, D.C., Symantec’s SOC analysts hunt down hackers, violations and malicious activities as they occur around the world.

Beside the flatscreen beaming CNN into the SOC, a map of the world appears in front of the analysts, showing where on the globe attacks are originating. On Monday of this week, Canada was No. 2 in terms of the number of unique IP addresses attacking with 4,570 attacks as of 11:45 a.m.

The centre provides its clients around-the-clock security analysis, early warning detection and the ability to act on suspected acts immediately. Customers can view this activity as Symantec tracks it on their network through a secure portal.

With the increase of blended threats such as Nimda and CodeRed, IT organizations are looking for help in the war on malware, says Brian Dunphy, senior manager, analysis operations with Symantec in Virginia.

“We aren’t the end all/be all solution for security for an enterprise. It’s their responsibility to make sure their network is secure but at least they know they don’t need people on 24/7,” said Dunphy.

Managed services at Symantec include monitored and managed firewall and VPN service to detect and respond to hacker attacks, intrusion detection service, Internet vulnerability assessment services, managed virus protection and gateway service.

Dunphy said many organizations are still scrambling to get a grasp on security across the enterprise, especially with the increase in the demands of patch management. Often, he said, aspects of security management become a difference of philosophy between the CISO and the CIO — one believes a threat means having to patch the problem while the other sees patching as introducing more problems.

“The CIO says patching introduces insecurity because you have to test the patch and feel ‘If everything is working great let’s just keep it running.’ The CISO sees it as a need to lock down everything,” said Dunphy.

Symantec’s 10,000 sq.-ft. security operation centre is one of five SOCs the company operates around the world (two in the U.S., three in Europe). Customers can contract for round-the-clock surveillance. The facility features a 750 kVA backup generator with enough capacity to power the entire building, and underground fuel tanks provide extended generator run time.

“When a client outsources their environment to us, the onus is on us to instill trust. At the end of the day, our clients are outsourcing the keys to their kingdom. The approach is to add as many checks and balances as possible to make sure there is that trust,” he said.

The SOC is capable of managing 12,500 customer devices — such as firewalls and intrusion detection systems — and is expandable to 50,000.

Entrance to the facility is protected by biometric authentication including hand geometry (palm scanner), an access card and PIN code.

Inside the SOC, a team of 15 security analysts and customer engineers keep an eye on their clients’ systems, watching not only for immediate incidents but trends and occurrences as they happen around the world.

The engineering staff does patch management and is responsible for all aspects of response for devices such as firewalls, as well as troubleshooting with clients. More than 75 per cent of clients opt to have Symantec manage their devices.

For many clients, one of the first questions is whether they need to make a significant investment in new security devices before adopting managed services with Symantec. Dunphy says that’s not the case.

“One of our key philosophies here is a client doesn’t need to rip out all their security devices and replace it with Symantec hardware. We have the capability of managing all industry devices,” said Dunphy.

Managed security can comprise many things, including what are termed discrete services, such as managed intrusion detection, managed firewall and managed storage.

IDC Canada Ltd. analyst Dan McLean says it’s too early to know what the market will be for managed security services in Canada. Security services in Canada for 2003 (consulting, implementation and management) are estimated at about a $450 million market in this country. Security software spending in Canada in 2003 hit $145 million, not a lot relative to other investments companies make in IT.

“It seems pretty modest,” said McLean.

McLean points out that Symantec has been trying to get customers to think about security in a much broader way for the last few years and that may give them a leg up in a market that is still evolving but is the future.

“Part of the challenge for Symantec is because they are largely a product company — at least that’s how people know them — their challenge is to tell a story that extends beyond thinking about security as products but at the same time sell products,” he said. “I hope they have a lot of skilled and savvy security partners that they can bring in. If they have relationships with customers around some of the security products they buy, hopefully they have some strong services partners they can refer customers to.”
