June 20, 2007

Symantec outgrows underground nuclear bunker

The bunker in the British countryside may have been a good security metaphor, but it couldn't handle Symantec's burgeoning IT security operations

Symantec has emerged from its bunker in the British countryside, moving its malware-fighting operations from a former U.K. military nuclear shelter to a more conventional office in Reading.

The nuclear bunker, with concrete walls and an obscure entrance on a hillside near Twyford, England, was used for one of the company's Special Operations Centers (SOCs).

The regional centers are used by security analysts who are part of the company's Managed Security Services. Companies hire Symantec to help with part or all of their IT security operations.

The nuclear shelter may have been good public relations for a security company, but it wasn't comfortable: It lacked windows and had "sanitation" problems, company officials said.

On Wednesday, Symantec offered a tour of its new facility in Reading to journalists, analysts, and customers. The facility, formerly used by storage company Veritas, which Symantec acquired in 2005, has twice as much space as the bunker and was needed to accommodate Symantec's growth.

Symantec now has its consultancy, which moved from Maidenhead, England, to the new facility, and its SOC under one roof, a move that will help in dealing with customers, said Arthur Wong, senior vice president of Symantec Managed Security Services.

Symantec allowed visitors only a brief peek at the SOC analysts working on Wednesday, through a glass window with parted blinds. Those analysts sift through reports that note suspicious events on different companies' networks.

Although much analysis of the log reports is automated, humans are still needed to look at data, said Alan Osborne, senior manager for Europe, the Middle East and Africa operations. Symantec's service-level agreements mandate that they notify a client within 10 minutes of a critical problem, Osborne said.

About 30 analysts work in the U.K. SOC. Symantec operates four other SOCs in the U.S., Australia, and Japan, which can be called on during emergencies. On Tuesday, a fire alarm went off, and the U.K. SOC's operations were rolled over to a U.S. SOC within minutes, Osborne said.

Symantec officials said they are seeing rapid growth in managed security services due in part to companies trying to keep IT costs down while dealing with complex threats and government regulation.

The oil company BP started using Symantec's managed services about five years ago when it wanted to separate the networks used to control oil production, such as those that turn valves on and off, from its corporate network, said Robert W. Martin, DCT Digital Security. Access to one network from the other could be catastrophic, Martin said.

BP usually gets between three and 10 security alerts a month from Symantec, which performs such functions as firewall monitoring, Martin said. For example, Symantec notified BP when it detected peer-to-peer traffic on its network, Martin said, which can be a sign of malicious activity.

Other companies, such as Imperial Chemical Industries, are looking to managed services to outsource capabilities they don't have in-house. Paul Simmonds, the chemical company's chief information security officer, said they are considering Symantec services since they offer greater depth and research on threats.

Until now, hackers have typically focused on other industries, but "we know one day someone will work down the food chain and hit on ICI," Simmonds said.

©1994-2009 Infoworld, Inc.