Managing risk

Symantec has laid plans for world domination of managed security services with its state-of-the-art security operations centres (SOCs), which are located across three continents. NME visited the SOC in Alexandria, USA to see the deployed technology up close and talk to the people behind the strategy.

By Simon Duddy. Published March 5, 2005

At first glance, Symantec’s security operations centre (SOC) in Alexandria, USA seems little more than a techie’s playground, with analyst pods, screens filling the walls and engineers beavering away on consoles. Add the neat line in black leather chairs on castors and you could be forgiven for thinking you’ve stumbled into the lair of Dr. Evil. But despite the comic value of the deliberately futuristic technology deployed by Symantec, the vendor is engaged in serious business.

Symantec has four hubs located worldwide, two in Europe, with one each in the USA and Australia and a further SOC as part of a joint venture in Japan. The four directly controlled SOCs service over 4,000 security nodes including firewalls, intrusion detection devices and integrated security appliances.

The vendor claims utilising managed security services (MSS) lends great benefits to companies that don’t have the resources to carry out effective security monitoring themselves. Symantec says many companies can’t manage their security devices because they lack monitoring expertise, don’t have time to search through alert logs, are unable to keep up to date with virus signatures and security patches and can’t make best use of their security staff. “It is difficult to find someone you know and trust and even if you have a security architect you are happy with, you don’t want him putting out fires all the time,” says Elizabeth Joyce, director, MSS operations Americas & Asia Pacific. “You’d rather have him concentrate on strategy while someone else takes care of the day to day monitoring,” she adds.

Symantec insists that this is where it excels, with its monitoring infrastructure geared up to support devices from a wide variety of vendors. One of the core elements of the SOCs is Symantec’s proprietary software, which automatically chews up the millions of alerts generated by the devices under its control and spits out those that matter. For a typical device managed by Symantec, which receives around 9.5 million alerts in one month, this whittles the total down to 1,328 events that could potentially present a danger. These events are then forwarded to the analysts based in the SOCs and they typically narrow these down to approximately 350 actual attacks, with an average of three severe incidents.

The analysts then take on the role of security police and call up the stricken company, inform them of the danger and direct them in remediation of the problem. The security firm has a service level agreement (SLA) that states it will warn a company within ten minutes of an attack. Symantec points to the fact that it has not paid out on this and that its performance is monitored by independent auditors, as proof that its service can be trusted.

Trust is the key issue in MSS and if the business is to grow, companies must trust vendors that take on responsibility for the most critical systems in their business. “The main stumbling block is companies’ reluctance to hand over the management of such a critical task as network security to an external entity,” says Sherif Shaltout, senior information security analyst, ISS. “Companies in the region tend to very highly regard the confidentiality of their information and would be very reluctant to give full control to an external entity regardless of how strict and assuring the outsourcing contract terms are,” he adds.

The market has seen some demand for MSS with some analysts predicting it has a rosy future. The Yankee Group claims enterprises will outsource almost 90% of their security needs by the end of the decade.

However, uptake has been slow in the Middle East, as is clear from anecdotal evidence and the relatively small number of devices managed by Symantec. In fact, the very immaturity of the approach sets some enterprises against it. “We carried out a survey to assess security outsourcing in the region in October 2003 and we concluded that the market was not mature enough. There was only one vendor (DataFort) that was ready in the region at that time and we didn’t want to risk it,” says Adel Ahmed Al Zarouni, senior vice president of IT, Abu Dhabi Islamic Bank.

Exacerbating the lack of demand in the region is the resistance many companies have to handing over their critical systems to a western company like Symantec. In a bid to overcome the reluctance of regional players to trust a foreign MSS vendor, these outsourcing players are keen to partner with local companies. This promises a potent marriage of local accountability and global clout. An example of this is Symantec and IMT’s partnership in Saudi Arabia, which sees the Saudi company front the operation while drawing on Symantec’s worldwide network of SOCs to provide early warning against any potential threat to enterprises. “IMT takes care of the implementation, configuration, response and remediation and outsources monitoring to us. The customer sees one entity and the solution, being both local and international, delivers value from both perspectives,” says Kevin Isaac, regional director, Middle East & Africa, Symantec.

Symantec has also signed a memorandum of understanding (MOU) with Etisalat’s solutions arm, eCompany. This could pave the way for the two companies combining to make MSS more popular in the region. eCompany arguably has the skills and local reputation to deliver all aspects of an MSS solution, apart from the early warning of threats that Symantec can offer.

There is also debate on how ready Symantec is to compete with larger IT outsourcing players.

MSS is a small sub-section of the IT outsourcing business, with many companies, such as IBM, more established in this market. Many of these companies are looking to incorporate MSS capability into their overall offering and as Symantec is a relatively new player, it faces a considerable challenge competing with the experience and established relationships garnered by IT outsourcing giants. On the other hand, Symantec’s greatest advantage lies in its proprietary technology and security expertise. “We believe Symantec is well-positioned to compete with established outsourcers, as companies tend to treat their security separately to other IT processes,” says Heini Booysen, program manager for IDC Middle East and North Africa. “Often companies prefer to outsource to security specialists and Symantec is much better positioned to address this demand,” he adds.

Pricing for a standard firewall managed service package starts at US$750 per month and rises to US$3,600 for a premium monitored and managed service for an integrated security appliance. Taking into account these prices, the number of managed devices under its control and discounts offered to larger customers, it is probable that Symantec isn’t yet making a huge amount of revenue from managed services. In fact, the services segment of Symantec’s business in its last quarter of publicly declared results makes up only 2.2% of Symantec’s total revenue, and the services unit includes education and consulting business as well as MSS. Given the considerable on-going investment in its SOCs, Symantec needs this business to grow quickly.

Expect to see Symantec and its partners push very hard in the coming years to convince the enterprise to trust them with elements of its security solution. They will make much of their ability to manage security risks for other companies but Symantec is taking a considerable risk of its own with its sizeable investment in MSS.

“There is still a long way to go in the MSS space,” says Grant Geyer, vice president of managed security services for Symantec. “But we are an early leader and are well positioned to capitalise on future growth in the market. We will both compete and partner with the larger companies in the space but our focus will always be on helping customers to solve business problems,” he adds.
