Why Do Security Operations Centres Matter?

Image: Anthony Caruana

Symantec has announced the opening of its largest security operations centre (SOC) in Chennai. The new facility accommodates over 140 staff with room for another hundred as the company escalates its efforts against cybercrime in order to protect all its customers, from the largest corporates to individuals at home. What is it that makes a SOC important?

Today's threat landscape is far different from that of even just a handful of years ago. According to Symantec's Executive Vice President and General Manager for Cyber Security Services, Samir Kapuria, the company now collects about 151 billion logs each day, representing about 18 billion security events that need to be analysed for actual threats and attacks. One of the analysts working in the facility told me it was common for them to notify customers of unauthorised intrusions before they become acute incidents.

These volumes make the SOC a "neural centre", said Kapuria.

One of the reasons the SOC has access to such a massive amount of data is that Symantec has opened its doors to some degree. It can collect data from security appliances and services made by other security vendors. Rather than expecting businesses to put all their eggs in Symantec's basket, it can collect data from firewall appliances from Palo Alto, for example, and then create actionable advice on how to respond to those threats for other customers using an appliance from Check Point.

The Chennai SOC is one of six globally, with four in the Asia Pacific region. The others in our region are Sydney, Tokyo and Singapore.

Peter Sparkes, Symantec's Senior Director for Cyber Security Services in the Asia Pacific & Japan region, said a SOC is far more than "two guys with a SIEM [Security Incident and Event Management] tool".

The SOC receives data from consumers, through Symantec's endpoint software, and from business customers. Artificial intelligence and machine learning tools process the data and expose to analysts the items that require further investigation and intervention.

That interaction between the technology and people is critical and two-way, said Sparkes. As well as the technology helping the analysts focus on relevant alerts, the analysts can feed what they learn back so the AI and machine learning models can be enhanced and improved.

Marc Andrews, a Senior Vice President at Symantec, says that by having data enter the SOC, be processed by a combination of AI and people, and then be turned into actionable advice and solutions for customers, the company can keep supporting customers while managing the challenges of a global skills shortage.

That direct support is focussed on Symantec's corporate clients but reaches consumers through the new Norton Core router, which was released to retailers earlier this week.

During the official opening of the SOC, one of the speakers, Alex Paul Menon from the Chhattisgarh Infotech Promotion Society, said that in India a 10% increase in mobile device penetration delivered a 1% increase in GDP. But that expansion of mobile devices also delivered a broader attack surface. And while that data was specific to India, there's little doubt that the massive increase in mobile devices globally has resulted in new classes of threats, with billions of new devices to attack.

A SOC allows a business to concentrate its threat analysis and response efforts so it can amplify the value of the tools it employs. And, as the threat landscape becomes increasingly complex, there's a need to escalate efforts now - something Sparkes has been working on as he leads efforts to expand Symantec's SOC network through expansions such as the one in Chennai or the launch of new centres such as the one in Sydney recently. But there's also a need to ensure you're ready for what comes next, which is why there were about a hundred spare seats at the Chennai SOC.

Anthony Caruana travelled to Chennai as a guest of Symantec.
