Cyber security company Symantec unveiled on July 31 a newly enhanced security operations centre (SOC) in Chennai, India that promises to detect online threats quickly and respond to them faster.
Linked to its other three SOCs in Asia-Pacific and Japan as well as two others in England and the United States, the new centre will have access to voluminous data from which it can draw threat intelligence insights.
John Lionato, Symantec’s vice-president, global operations for cyber security services, described the Chennai SOC as one where the “sun never sets”. It is operational throughout the year, taking over from the other SOCs when their workday ends.
Chennai’s security professionals, he explained, are aligned with Symantec’s customers throughout the world and know their needs in detail. “No matter where our customers are located, they call the professionals they know to have an in-depth discussion of their security issues.”
Equally important in the make-up of the SOC is the availability of security talent. Describing them as the company’s secret sauce, Peter Sparkes, Symantec’s senior director for cyber security services, said the individuals undergo rigorous training and technical certification.
Out of every 70 people the company interviews, only one to two are hired, said Sparkes, who is responsible for Asia-Pacific and Japan. Candidates are selected not only for their technical skills but also for other qualities like curiosity and persistence to hunt for cyber attackers. Selected cyber warriors undergo three months of training.
“At the end of training, the new recruits are put to a test. We give them a potential threat gathered from our threat intelligence,” said Sparkes. “A panel of senior security professionals ask questions and observe their actions. Recruits must receive a unanimous pass to get permanent employment.”
Symantec SOC staff are also trained in the soft skills of communication so that they are able to explain technical jargon and translate security risks into business risks. Senior market analyst Gurpal Singh from research firm IDC said this is the key differentiator for Symantec because it helps make the service offerings more understandable and tangible.
The Chennai SOC, located in the city’s special economic zone, has 140 cyber security analysts, expanding to 150 in the next 12 months. Altogether, Symantec has about 900 employees including security analysts and online forensic specialists in its cyber security business unit.
The enhancement of the Chennai SOC is part of a US$20 million investment Symantec made in 2015 in these centres in Singapore and Sydney. The expenditure was for IT infrastructure and equipment including enhancing AI and machine learning systems in the Chennai SOC.
Already a trillion-dollar industry, the cyber defence business is exploding due to online attacks that are increasing in number, frequency and intensity. In Singapore, online attacks grabbed headlines last month when public healthcare organisation SingHealth lost 1.5 million customer records to an online hack.
Organisations are looking for SOC services because in-house security professionals are never enough, so “we complement in-house security teams, giving inputs on threat intelligence, identifying and fighting new threats and providing remedial action”, said Marc Andrews, Symantec’s senior vice-president for worldwide sales.
“By collaborating with SOCs, they free up sources to focus on important things like security policies, security forensics and cyber education,” he told Techgoondu.
Sanchit Vir Gogia, chief analyst of research firm Greyhound Research, pointed out that the additional pressure on organisations to deliver business outcomes is driving them to focus internal resources on identifying and redefining security metrics.
Hence, having access to frontline security resources that have the latest tools and trained professionals helps them do this, he added.
Symantec observes about 150 billion logs every day, of which 18 million are identified as potential threats. Through a combination of artificial intelligence, machine learning and human intelligence, this number is further filtered down to 64,000, on which security analysts get to work to identify the attackers.
Looking ahead, the company believes that an integrated cyber defence is needed because the digital landscape will expand as mobile phones, sensors and other digital devices proliferate. This defence would include threat intelligence insights, track and trace, and incident response.
As part of cyber defence, employee education on security protocols and defence measures is crucial. Apart from simulating attacks and learning how to respond to them, organisations should also re-imagine cyber defence education to make it fresh and interesting, said Andrews.