Symantec's Sydney SOC surge sounds suspiciously so-so

But security vendors need to generate buzz somehow, and that's the problem.

Symantec's so-what launch of a minor facilities upgrade in Sydney illustrates a key problem facing all information security vendors. How do you convince the pointy-haired bosses to go for your company's tender when it's almost impossible to reveal any meaningful comparisons with the competitors?

Symantec were so eager for media coverage of their expanded Managed Security Services (MSS) operation in Sydney this week that they offered to pay for interstate-based journalists' flights and cab fares.

"This local investment story is sure to have significant consequences for the Australian market and up into the rest of Asia. It will also give you a unique chance to have a behind the scenes look at Symantec's Security Operations Centre," enthused one PR email.

But as CSO Online reported yesterday, the total investment was $1 million. That doesn't go far when it's being spent on both "infrastructure and resources", the latter presumably being what we used to refer to as "people".

Symantec won't say exactly what that million was spent on, but they're claiming a 40 per cent increase in the SOC's capacity. Measured somehow.

Well, if that million were all spent on "resources", which it wasn't, it would pay for about eight staff.

Symantec's Sydney SOC operates seven days a week during daylight hours as part of the company's follow-the-sun strategy, where two of their SOCs are online at any one time. So we're talking four more bodies per shift, plus a supervisor.

Since the SOC we toured now has eleven desks in it, this all sounds about right.

But let's put this in context.

Symantec's revenue in 2011 was US$6.19 billion. This new expenditure is 0.016 per cent of revenue. That's not even a rounding error, let alone significant.

Eight more bodies in Sydney when Symantec's Australia and New Zealand staffing is around 650? Will anyone even notice?

And consider the changing infosec landscape.

Even if Symantec's customer base stayed exactly the same, they'd still need a significant expansion of their facilities.

More devices per customer employee, because they have a smartphone and a tablet in addition to their computer. More log lines per device, because higher-speed devices and internet links mean more network events to log. And more and more complex malware means more analyst time to understand what's going on.

A 40 per cent increase in SOC and analyst capacity might well be needed to cope with the organic growth in traffic from Symantec's existing customer base, let alone represent "significant consequences for the Australian market and up into the rest of Asia".

Look, it was nice to catch up with everyone at Symantec for a coffee, as well as fellow journalists. We got to see an ops room that looked exactly like every other ops room on the planet: a few rows of desks with big dual monitors, plus a six-pack of big screens on the end wall. Staff wearing Symantec-branded shirts and trying to look busy with their PowerPoint presentations, because you'd be a fool to put real security information on screen while the media was present. And it was good to meet a new Symantec executive.

But this isn't news.

Nor did we get any news when we were, eventually, at the very end of the media tour, given the chance to talk to the real security engineers and analysts staffing the SOC.

Journalists asked questions. Staffers responded with generic, bland statements. And every time they seemed likely to respond with some interesting, concrete information they were shut down by a sales or PR person. "I'll take that question." Yawn.

Symantec couldn't even answer what I thought was a straightforward question from another journalist: What does this newly-expanded SOC allow you to do that you couldn't do before?

Tumbleweeds.

I don't want to give Symantec a hard time. Everyone plays this game.

I did slam Symantec last year for their Norton Cybercrime Report. But while this year's report was also criticised, it's a significant improvement. Better methodology all round. Given the dearth of proper research into online crime, Symantec should be praised for lifting their game. Well done, Symantec.

But every infosec vendor has a sophisticated comprehensive resilient end-to-end 360-degree world-class meat-lover's combo deluxe intelligence-based offering to face the challenges of the complex and evolving threat landscape. Why should we pick yours? The logo? The shirts?

Contact Stilgherrian at Stil@stilgherrian.com or follow him on Twitter at @stilgherrian

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Microsoft confirms HTTP Strict Transport Security for IE 12

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Secure, identity-based protection for your endpoints

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.