Some say that protecting companies and governments from unanticipated cyberattacks is similar to finding a needle in a haystack. But at Symantec's Security Operating Center in Alexandria, Va., protecting clients from worms, viruses, and other computer-related threats is more like plucking a specific needle from a mound of needles in a haystack.
"We find an average of 16,000 potential security incidents in any 24-hour period," says Tony Vincent, a lead global security architect for Symantec. "We narrow those down to 3500 that we think are (of concern) to our customer. We find about 30 to 300, depending upon the day, that are very urgent, severe attacks."
The Security Operating Center, or SOC, is the largest of five such facilities operated by Symantec worldwide.
Control Center
From the visitor lounge, a dramatic black curtain sweeps aside to reveal the control room. The SOC's hub, resembling something out of a James Bond film, is a windowless bunker. Large screens monitor incoming phone calls and news of worldwide cyberattacks; a few displays are dedicated solely to CNN. Looking like they might be poised to send a shuttle into space, employees sit in curved rows of workstations, facing their computers and the spacious displays overhead.
Other employees sit in pods reminiscent of Star Trek, round vessels with leather dentist-style chairs and two large computer screens mounted in front of them. Equipped with motors, the pods have the ability to rotate away from sun glare on the monitors - which they would do if there were any windows in the facility. The pods also allow the employees to control the climate with fans and heating options.
The SOC receives 500 million logs and alerts from its customers daily. The data includes anything from the traffic to and from a company's firewall to the number of computers on its network. The information is analyzed for patterns or unusual activity, compared with known threats lurking in the cyberworld, and examined with a specific client's concerns in mind.
"We create a separate database for each customer," Vincent says, adding that the company has more than 70 terabytes of data on its clients.
Vincent tells the story of a high-profile media client who came to Symantec after trying three other security companies. "Three days after we were brought on board, we found that a human hacker had broken in and was using their network to launch attacks on other customers on the Internet," Vincent says. "We saw it within three days, but it had been broken into 18 months earlier."
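The two passages above describe the SOC's working method only in outline: per-customer data, comparison against known threats, and a triage funnel from hundreds of millions of raw events down to a few dozen urgent ones; the media-client story adds the case of an already-compromised host attacking outward. The following is an added illustration, not Symantec's code or data. The log format, the customer profiles, the indicator lists and every IP address and signature name are constructed for the example (the addresses come from the reserved documentation ranges), and the scoring rules are a plausible simplification rather than any vendor's actual logic.

```python
"""Per-customer alert triage in the style of the funnel the article describes.

Constructed example: log lines, indicators, customer profiles and rules are
invented for illustration and do not represent any real SOC or its data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Hypothetical "known threat" indicators (documentation-range IPs, made-up signature names).
KNOWN_BAD_IPS = {"203.0.113.7", "198.51.100.23"}
KNOWN_BAD_SIGNATURES = {"ET_WORM_PROBE", "ET_SHELL_UPLOAD"}


@dataclass
class CustomerProfile:
    """Client-specific context: what matters to this customer and what is benign noise."""
    name: str
    critical_hosts: set[str]
    internal_prefix: str                      # crude notion of "inside the customer network"
    trusted_scanners: set[str] = field(default_factory=set)


@dataclass
class Incident:
    customer: str
    src: str
    dst: str
    signature: str
    severity: int   # 0 = discard, 1 = logged only, 2 = of concern, 3 = urgent
    reason: str


# Constructed line format: "<timestamp> <customer> <src> <dst> <signature> <ALLOW|DENY>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<customer>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sig>\S+) (?P<action>ALLOW|DENY)$"
)


def parse_line(line: str) -> dict | None:
    """Return the event fields, or None for a line that does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def score_event(ev: dict, profile: CustomerProfile) -> Incident:
    """Rank one event for one customer, most serious applicable rule wins."""
    src, dst, sig, action = ev["src"], ev["dst"], ev["sig"], ev["action"]
    if src in profile.trusted_scanners:
        return Incident(profile.name, src, dst, sig, 0, "authorized scanner")
    internal_src = src.startswith(profile.internal_prefix)
    known_bad = src in KNOWN_BAD_IPS or sig in KNOWN_BAD_SIGNATURES
    if internal_src and sig in KNOWN_BAD_SIGNATURES:
        # The article's media-client case: a customer host attacking outward.
        sev, why = 3, "internal host launching known attack (possible compromise)"
    elif known_bad and dst in profile.critical_hosts and action == "ALLOW":
        sev, why = 3, "known threat allowed to critical host"
    elif known_bad:
        sev, why = 2, "matches known threat indicator"
    else:
        sev, why = 1, "logged for pattern analysis"
    return Incident(profile.name, src, dst, sig, sev, why)


def triage(lines: list[str], profiles: dict[str, CustomerProfile]) -> dict[str, list[Incident]]:
    """Keep a separate incident list per customer, most urgent first; drop noise and unknowns."""
    by_customer: dict[str, list[Incident]] = {name: [] for name in profiles}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["customer"] not in profiles:
            continue                       # malformed, or not a customer we monitor
        inc = score_event(ev, profiles[ev["customer"]])
        if inc.severity > 0:
            by_customer[inc.customer].append(inc)
    for incs in by_customer.values():
        incs.sort(key=lambda i: -i.severity)   # stable: ties keep arrival order
    return by_customer


def funnel(triaged: dict[str, list[Incident]]) -> dict[int, int]:
    """Count incidents per severity across all customers (the article's 16,000 / 3,500 / 30-300 view)."""
    counts: dict[int, int] = {}
    for incs in triaged.values():
        for inc in incs:
            counts[inc.severity] = counts.get(inc.severity, 0) + 1
    return counts


# Constructed customer profiles and a handful of constructed log lines.
PROFILES = {
    "acme": CustomerProfile("acme", {"10.0.0.5"}, "10.0.", {"10.0.0.200"}),
    "globex": CustomerProfile("globex", {"10.1.0.3"}, "10.1."),
}
SAMPLE_LOGS = [
    "2009-01-20T10:00:01 acme 203.0.113.7 10.0.0.5 ET_WORM_PROBE ALLOW",
    "2009-01-20T10:00:02 acme 192.0.2.10 10.0.0.9 HTTP_GET ALLOW",
    "2009-01-20T10:00:03 acme 192.0.2.44 10.0.0.5 ET_SHELL_UPLOAD DENY",
    "2009-01-20T10:00:04 acme 10.0.0.200 10.0.0.5 PORT_SCAN ALLOW",
    "2009-01-20T10:00:05 globex 198.51.100.23 10.1.0.3 HTTP_GET ALLOW",
    "malformed line here",
    "2009-01-20T10:00:06 unknown 192.0.2.1 10.9.9.9 HTTP_GET ALLOW",
    "2009-01-20T10:00:07 acme 10.0.0.9 192.0.2.99 ET_SHELL_UPLOAD ALLOW",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOGS, PROFILES)
    for customer, incs in result.items():
        for inc in incs:
            print(f"{customer:7} sev={inc.severity} {inc.src} -> {inc.dst} {inc.signature}: {inc.reason}")
    print("funnel:", funnel(result))
```

The point of the example is the structure rather than the rules: raw events are parsed, dropped early when they are noise for this particular customer, scored against shared indicators plus customer-specific context, and kept in a separate per-customer store, so the same inbound probe can be urgent for one client and routine for another.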