Symantec recently announced that it would be adding a service with which enterprise clients could hire Symantec security analysts to work on-site. The service is called the cyber threats analysis program. The analysts will work with clients to identify potential threats, review log data, and respond to attacks.
The analysts will have access to the full suite of Symantec tools, including its security event information management tools, global monitoring and threat-intelligence data, and third-party tools as needed.
This is going to be a very expensive proposition for Symantec, so what does it expect to gain?
I see the payback to Symantec coming from several angles: First, I see it increasing revenue. Don't forget, this is not for the SME; it targets enterprise clients, and right now, they have the money. Second, even though Symantec has been touting security as a service through remote access, clients like to have someone to reach out and "touch" should there be a problem. Third, remote access is only good as long as you have connectivity. If there is an attack like a DoS, Symantec might not have access to your network to work the problem. Finally, when there is a war, which is what it is when you are under cyber attack, I like the idea of having all of my resources onsite and available when I need them. Reports have the service starting at $300,000 a year and going up from there.
Now, some people might have a problem with an outside vendor having access to their IP. To me, this is no different than using security as a service; the vendor still has access to your network, like any other outside consultant. First, you go through the vetting process, and then you limit what they have access to.
I think this is a fantastic service offering. Security is expensive. It does bring value, but we constantly have to prove it. If I could cut staff, or augment it, and improve the services I offer, then I'd be adding value to the organization. The Symantec service offering has the potential to bring value to an organization that has ongoing security problems, has critical infrastructure threats, or could use additional high-level staff.