The SOC, located in Chennai, India, is a local support centre for regional customers, and also serves as a resource to Symantec’s operations and customers globally.
This SOC holds a special place in the world: Symantec says it operates the largest civil cyber intelligence network in the world, and of that network, it is the Chennai SOC which is Symantec’s largest and most modern. Consequently, it is the largest cyber security centre in the largest cyber security network.
The SOC is not new — it opened in 2011 as a front-line defence against online threats for customers across the world — but Tuesday’s launch explained it had undergone a significant and substantial transformation. This transformation includes building capacity and staffing, but the most significant transformation is with its mission.
What makes the revamped Chennai SOC different is because it will serve as a back-up to all the other SOCs with out-of-hours support and global operations and intelligence generally.
John Lionato, vice-president and head of Global Operations, Cyber Security Services, Symantec, says other companies use a “follow-the-sun” support model, but at the Chennai SOC the “sun never sets.”
Symantec selected Chennai based on its timezone, its three undersea network connections providing high-speed low-latency global connectivity, and the enormous skill base available; Symantec finds about 10-15 viable candidates per 100 resumés received, compared to two or three per 100 in other countries.
Specifically, the Symantec SOC approach is distinguished in two ways, both relating to customers. “We like talking to our customers,” Lionato says.
Firstly, it focuses on retention and Net Promoter Score loyalty indicators as its metrics for success. While call duration statistics are measured, it is not for staff performance purposes.
Secondly, the people who staff the SOC — analysts, engineers, onboarding experts, and everyone else — do not sit in team silos. Instead, they are organised cross-functionally by geography and industry to build deep familiarity.
“To do that you have to become familiar with the customer,” Lionato says. “The challenges facing a customer here in healthcare are different to those of a customer over there in healthcare or a different industry.”
Lionato says the design reflects Symantec’s approach to its customers and is in stark contrast to the typical call-centre methodology where anonymous, ever-changing agents are measured by time to close a call, no matter if the customer is happy.
Instead, the approach at Chennai sees a real pride of ownership form within the team, who don’t simply see Symantec customers, but their own customers. In turn, this delivers deep value to customers, analysts knowing their customers and inspired to start innovation projects they either think of from their own experiences or which are customer suggested.
Within Chennai, the Symantec SOC is seen as an employer of choice, and staff display their five-year incremental tenure awards along the walls. These recipients are acknowledged as smart, go-to guys who can help new team members with insights to solving difficult problems.
“Security is a team sport,” adds Peter Sparkes, senior director, Cyber Security Services, Asia Pacific & Japan, Symantec. “The SOC is where we bring the team together and it’s game on every day.”
Despite the geographical diversity, “all our people are trained exactly the same way”, Sparkes says. “We supported the Commonwealth Games and brought two Chennai analysts over to work with our team. On day one they logged in and worked exactly as Australian analysts did.”
Underpinning the SOCs is the Symantec global intelligence network, which the company says is the largest collection of intelligence and threat telemetry on the planet.
Telemetry data is collected from the gamut of Symantec and Norton products including its “endpoint protection products, cloud services, BlueCoat proxies, Data Loss Prevention (DLP), Cloud Access Security Brokers (CASBs) … everything we do”, says Marc Andrews, senior vice-president, Worldwide Sales.
“We have nine trillion rows in our database,” says Sanjay Rohatgi, senior vice-president, Asia Pacific, Symantec. “We record 200,000 threat Intels per minute globally. Symantec operates the largest civil cyber intelligence network bar none.” The company expects it would have detected half a trillion pieces of malware within 2018.
According to a Symantec representative, Symantec's 500+ certified cyber security professionals analyse more than 150 billion security logs worldwide each day, and globally help secure 175 million endpoints, 80 million Web proxy users, 63 million email users and 50 million consumers.
Beyond threat detection, the SOC aids customers in their own risk management and investment directions. “We monitor constantly and can give metrics to make real decisions,” Sparkes said. “Security is no longer a black art and purchasing decisions can be made with data, not just relying on what a customer thinks is the right thing to do.”
The SOC was officially opened by Samir Kupuria, executive vice-president and general manager, Cyber Security Services, who said, “Our mission is to protect people at the end of the day – to protect people, to protect property whether IP or property that can be damaged by attacks, to protect the government, and to protect society at large.”
The launch was attended by:
Dr Gulshan Rai
National Cyber Security Co-ordinator, Government of India, PMO
Director-General, National Informatics Centre, Government of India
Managing Director and chief executive, Imagine Panaji Smart City Development
Alex Paul Menon
Chief executive, Chhattisgarh Infotech Promotion Society (CHiPS)
The writer attended the Symantec Security Operations Centre opening in Chennai as a guest of the company.