Brian Dunphy probably hasn't seen every computer security mistake under the sun, but those he remembers are doozies.
Dunphy is senior manager of analysis operations at Symantec Corp.'s Managed Security Services (MSS) group, which monitors firewalls and intrusion detection systems (IDS) for enterprise clients.
Dunphy's role affords insight into security snafus, like the client that insisted its outbound data traffic to a partner - credit card info - was encrypted, secure and locked down. It wasn't. The company was duly surprised to learn about the vulnerability, which MSS discovered during routine protection checks.
Or the Fortune 500 client that was incredulous when MSS said one of the company's computers was infected with a worm. The client didn't believe it, arguing that the IP address supposedly attached to the device had nothing to do with them.
But MSS knew full well the address belonged to this firm. "You could tell they just discovered a new part of their network," Dunphy said.
These are the sorts of anecdotes that emanate from Symantec's Alexandria, Va. security operations center (SOC), where MSS works. Symantec invited IT World Canada to tour the SOC and learn a thing or two about security - information that could help the enterprise stay safe when computer intruders come calling.
Among the things he's learned here, Dunphy noted a trend: chief information officers and chief security officers view patch management differently. Whereas CSOs see patching as integral to network security, CIOs see it as a network breaker - untested software destined to test the infrastructure.
"Being able to effectively prioritize is critical" to...