Symantec drops AU$1 million into security operations centre

Symantec had committed approximately AU$1 million to expand its newly relaunched Sydney security operations centre.

Primarily, the money went towards more infrastructure and resources. In particular, it can now collect more information from customer logs in a more efficient manner and improve its threat detection techniques.

The expansion has also upgraded the operations centre's systems so that customers have greater visibility into what security threats and risks might affects their infrastructure and assets.

It is one of four global operations centres, and with the other centres in the UK, US and India, it can provide customers with rolling 24/7 security coverage.

Symantec Senior Vice President for Asia Pacific and Japan Bernard Kwok said that the reason behind the expansion in Sydney, in particular, was to tap into the "very rich and very high calibre of local talent" — talent which is more than just technical skills.

"We're actually able to find some very highly capable professionals that can speak three or four languages. In this part of the world, this is a major advantage for us," he said, alluding to the fact that the Sydney centre is essentially the port of call for customers in the Asia-Pacific region, and thus, may not necessarily speak English.

Watching from the shadows

The role of watching out for threats plays out from a dim lit room in a North Sydney office, where a team of security analysts sit behind a glass wall, hunched over their computers and quietly keeping an eye on the networks of their clients. While the Australian team is relatively small, they work with at least one other global operations centre, as they "follow the sun" to ensure there is always someone keeping an eye out. Globally, the team's job is to scour through some 15 billion log entries each day, and make sense of the information coming in from Symantec's Global Intelligence Network.

The global team watches over about 1,100 customers (which cumulatively total over 744,000 total devices, such as firewalls and routers), and when it detects a pressing issue, raises the alarm with Symantec's 500-strong security response team, who typically respond to an issue within 10 minutes. On average, the team identifies about 1,315 potential security threats, and flags an additional 132 events that are considered severe.

The security operations centre's job has been getting busier in the past few months. The amount of business Symantec has seen go through the operations centre in the past six months has tripled, compared to the six months prior, and its customers have doubled the workload they've handed off to the centre.

But busy doesn't necessarily translate to frantic calls, as more and more security teams are using priority emails or text alerts. Peter Sparkes, director of managed security solutions for Symantec Asia Pacific and Japan, said that even during a significant event, such as a zero-day alert, the operations centre is more often in a calm, almost zen-like state.

And although Sparkes has tried to have the lights on, the analysts have said that they prefer to work in the dark, illuminated only by the glow of their multiple screens. In a way, they're just like the attackers on the other side of the world, who just as quietly launch the attacks they're defending against.