During last week’s Symantec Partner Engage conference, I got to do something only 200 of Symantec’s 17,500 employees can do: access the company’s Security Operations Center (SOC).
The SOC in Alexandria, Va. is one of Symantec’s four centers throughout the world. The others are in England, Australia and India, and together they process 2 billion incidents a day for Symantec’s managed security services customers. Here are some photographs from inside the SOC and some more information about the facility:
Screens like this one are found throughout the Security Operations Center. They provide real-time information about the biggest security threats, where they’re coming from, and how Symantec is addressing them.
Symantec analysts use a program called the analysis response console (ARC) to process their customers’ threats. One screen contains a queue of incidents waiting to be analyzed, and the analysts can pull up specific information about each incident on the other screen to determine the appropriate course of action.
Symantec’s systems process most of the 2 billion daily security incidents, but about 3,300 are elevated to the analysts’ level every day.
Symantec’s response to the elevated incidents varies, depending on each customer’s contract and the severity of each threat. Customers often receive threat updates by email, and Symantec will call customers when there is a verified attack.
And at the end of each shift — the SOC runs 24/7 — the analysts meet to discuss the day’s biggest threats and look for trends.