Symantec’s Security Operations Center: A look inside

During last week’s Symantec Partner Engage conference, I got to do something only 200 of Symantec’s 17,500 employees can do: access the company’s Security Operations Center (SOC).

The SOC in Alexandria, Va., is one of Symantec’s four centers throughout the world. The others are in England, Australia and India, and together they process 2 billion incidents a day for Symantec’s managed security services customers. Here are some photographs from inside the SOC and some more information about the facility:

Symantec SOC

Screens like this one are found throughout the Security Operations Center. They provide real-time information about the biggest security threats, where they’re coming from, and how Symantec is addressing them.

Symantec analysts use a program called the analysis response console (ARC) to process their customers’ threats. One screen contains a queue of incidents waiting to be analyzed, and the analysts can pull up specific information about each incident on the other screen to determine the appropriate course of action.

Symantec’s systems process most of the 2 billion daily security incidents, but about 3,300 are elevated to the analysts’ level every day.

Symantec’s response to the elevated incidents varies, depending on each customer’s contract and the severity of each threat. Customers often receive threat updates by email, and Symantec will call customers when there is a verified attack.

And at the end of each shift — the SOC runs 24/7 — the analysts meet to discuss the day’s biggest threats and look for trends.