It’s a war on terror you don’t hear about on the nightly news, and the base from which these special ops work is a quiet suburb. But stopping hackers and viruses in their tracks is the mission of the analysts and engineers at Symantec’s security operation centre in Alexandria, Va.
From an unassuming industrial park 25 minutes from Washington, D.C., Symantec’s SOC analysts hunt down hackers, policy violations and malicious activity as they occur around the world.
Beside the flatscreen beaming CNN into the SOC, a map of the world appears in front of the analysts, showing where on the globe attacks are originating. At the time of the visit, Canada ranked No. 2 by number of unique attacking IP addresses, with 4,570 attacks logged as of 11:45 a.m.
The centre provides its clients around-the-clock security analysis, early warning detection and the ability to act on suspected acts immediately. Customers can view this activity as Symantec tracks it on their network through a secure portal.
With the increase of blended threats such as Nimda and CodeRed, IT organizations are looking for help in the war on malware, says Brian Dunphy, senior manager, analysis operations with Symantec.
“We aren’t the end-all, be-all solution for security for an enterprise. It’s their responsibility to make sure their network is secure, but at least they know they don’t need people on 24/7,” said Dunphy.
Managed services at Symantec include monitored and managed firewall and VPN service to detect and respond to hacker attacks, intrusion detection, Internet vulnerability assessment, managed virus protection and gateway service.
Symantec’s 10,000 sq. ft. security operation centre is one of five SOCs the company operates around the world. Customers can contract for round-the-clock surveillance. The facility features a 750 kVA backup generator with capacity to power the entire building, with underground fuel tanks for extended generator run time.
“When a client outsources their environment to us, the onus is on us to instill trust. At the end of the day, our clients are outsourcing the keys to their kingdom. The approach is to add as many checks and balances as possible to make sure there is that trust,” he said.
To date, the SOC protects 600 companies worldwide — companies ranging in size from Fortune 500 companies to mid-size enterprises — and is capable of managing 12,500 customer devices such as firewalls and intrusion detection systems, and is expandable to 50,000 devices.
Entrance to the facility requires three factors: a hand-geometry biometric (palm scanner), an access card and a PIN code.
Inside the SOC, a team of 15 security analysts and customer engineers keep an eye on their clients’ systems, watching not only for immediate incidents, but trends as they happen around the world.
The engineering staff handles patch management, all aspects of response for managed devices such as firewalls, and troubleshooting with clients. More than 75 per cent of clients opt to have Symantec manage their devices.
For many clients, one of the first questions is whether they need to make a significant investment in new security devices before adopting managed services with Symantec. Dunphy says that’s not the case.
“One of our philosophies is a client doesn’t need to rip out all their security devices and replace them with Symantec hardware. We (can) manage all industry devices,” said Dunphy.
Managed security can comprise many things, including what are termed discrete services: managed intrusion detection, managed firewall and managed storage.
IDC Canada Ltd. analyst Dan McLean says it’s too early to know what the market will be for managed security services in Canada. Security services (consulting, implementation and management) in Canada for 2003 are estimated to be about a $450 million market. Security software spending in Canada in 2003 hit $145 million — not a lot relative to other investments companies make in IT.