3 of 5Image
Austin McCabe, Symantec's European managing director, pictured left, and Kevin Hogan, Symantec's director of security response, stand outside the "Airlock": the entrance to Symantec Response. The Airlock leads to three zones in the building: the blue zone, which contains "clean" servers; the green zone, which acts as an interface between between the blue and red zones; and the red zone, which contains infected machines.
The clean machines the antivirus staff work on are physically located inside the blue zone, pictured, while the researchers sit in the red zone, which contains infected machines. The analysts use thin-client terminals linked via cables to the clean "Definition, Build and Certification" systems to compile antivirus signatures.
Hogan said there was "nothing cloak and dagger" about infected machines being physically separate from employees' personal work machines, and that it was simply "to prevent accidents". Hogan added that the antivirus researchers would prefer to work in physical proximity to their personal machines. "It's more of an annoyance, as they can't [easily] access their production [personal] machines," said Hogan.
The green zone is a mixed server room that separates systems requiring access to both the viral network and the clean network. The green-zone servers also maintain firewalls between the blue and red zones.