Symantec's Sydney SOC surge sounds suspiciously so-so

But security vendors need to generate buzz somehow, and that's the problem.

Symantec's so-what launch of a minor facilities upgrade in Sydney illustrates a key problem facing all information security vendors. How do you convince the pointy-haired bosses to go for your company's tender when it's almost impossible to reveal any meaningful comparisons with the competitors?

Symantec were so eager for media coverage of their expanded Managed Security Services (MSS) operation in Sydney this week that they offered to pay for interstate-based journalists' flights and cab fares.

"This local investment story is sure to have significant consequences for the Australian market and up into the rest of Asia. It will also give you a unique chance to have a behind the scenes look at Symantec's Security Operations Centre," enthused one PR email.

But as CSO Online reported yesterday, the total investment was $1 million. That doesn't go far when it's being spent on both "infrastructure and resources", the latter presumably being what we used to refer to as "people".

Symantec won't say exactly what that million was spent on, but they're claiming a 40 per cent increase in the SOC's capacity. Measured somehow.

Well, if that million were all spent on "resources", which it wasn't, it would pay for about eight staff.

Symantec's Sydney SOC operates seven days a week during daylight hours as part of the company's follow-the-sun strategy, where two of their SOCs are online at any one time. So we're talking four more bodies per shift, plus a supervisor.

Since the SOC we toured now has eleven desks in it, this all sounds about right.

But let's put this in context.

Symantec's revenue in 2011 was US$6.19 billion. This new expenditure is 0.016 per cent of revenue. That's not even a rounding error, let alone significant.

Eight more bodies in Sydney when Symantec's Australia and New Zealand staffing is around 650? Will anyone even notice?

And consider the changing infosec landscape.

Even if Symantec's customer base stayed exactly the same, they'd still need a significant expansion of their facilities.

More devices per customer employee, because they have a smartphone and a tablet in addition to their computer. More log lines per device, because higher-speed devices and internet links mean more network events to log. And more and more complex malware means more analyst time to understand what's going on.

A 40 per cent increase in SOC and analyst capacity might well be needed to cope with the organic growth in traffic from Symantec's existing customer base, let alone represent "significant consequences for the Australian market and up into the rest of Asia".

Look, it was nice to catch up with everyone at Symantec for a coffee, as well as fellow journalists. We got to see an ops room that looked exactly like every other ops room on the planet: a few rows of desks with big dual monitors, plus a six-pack of big screens on the end wall. Staff wearing Symantec-branded shirts and trying to look busy with their PowerPoint presentations, because you'd be a fool to put real security information on screen while the media was present. And it was good to meet a new Symantec executive.

But this isn't news.

Nor did we get any news when we were, eventually, at the very end of the media tour, given the chance to talk to the real security engineers and analysts staffing the SOC.

Journalists asked questions. Staffers responded with generic, bland statements. And every time they seemed likely to respond with some interesting, concrete information they were shut down by a sales or PR person. "I'll take that question." Yawn.

Symantec couldn't even answer what I thought was a straightforward question from another journalist: What does this newly-expanded SOC allow you to do that you couldn't do before?


I don't want to give Symantec a hard time. Everyone plays this game.

I did slam Symantec last year for their Norton Cybercrime Report. But while this year's report was also criticised, it's a significant improvement. Better methodology all round. Given the dearth of proper research into online crime, Symantec should be praised for lifting their game. Well done, Symantec.

But every infosec vendor has a sophisticated comprehensive resilient end-to-end 360-degree world-class meat-lover's combo deluxe intelligence-based offering to face the challenges of the complex and evolving threat landscape. Why should we pick yours? The logo? The shirts?

Contact Stilgherrian at or follow him on Twitter at @stilgherrian

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Stilgherrian

Latest Videos

More videos

Blog Posts