Without a doubt, there is a remarkable similarity between
the Network Operations Center (NOC) and the Security Operations Center (SOC). Unfortunately,
these similarities often lead to the misunderstanding that the duties of each
role are identical. Combine this with the general opinion that having a NOC
eliminates the need for a formal SOC, and the result is situations of tension,
resolution and sometimes intimidation. In practice, both the network operations center and the security operations center provide
a unique value to an organization, but only if they can work together.
Key Differences
The first step in linking the Network Operations Center (NOC)
and the Security Operations Center (SOC) in a harmonious relationship involves
recognizing and understanding the fundamental differences between the two
roles. Yes, both teams may have some responsibility in the identification,
evaluation, resolution, and escalation of problems, but what ultimately separates
these two groups is the nature of the problem and its subsequent
consequences.
For example, NOCs are generally responsible for handling
incidents that affect availability and performance, while SOCs primarily focus
on incidents that may affect asset security. Both are working towards a common goal of managing risk, but how each approaches and achieves that goal is very
different.
Performance Measure
NOC and SOC are also measured differently in terms of
performance. The Network Operations Center's job is to administer, maintain and
comply with service level agreements (SLAs), as well as handle incidents in a
way that limits potential downtime as much as possible. In summary, NOC
technicians are measured on how well they optimize system availability and
performance. Security operations centers, on the other hand, are mainly
measured by their level of confidential data protection or
"security" titles.
Both tasks are so important for the success and continued
profitability of the organization that they should be treated as separate but
equivalent functions. Unfortunately, many organizations fall into the trap of
believing that both can be combined into a single universal operation. This can
cause a disaster, not because one cannot handle the other's duties, but because of
the stark contrasts in how each one approaches its role.
Separate But Together
Another important reason why NOCs and SOCs must operate
separately, even as they work together, is the specific skill sets that belong
to the technicians of each discipline. For example, NOC analysts must be
competent in network, systems and applications engineering. These extensive
experience and educational requirements can lead to the false opinion that NOC team members are somehow smarter or more skilled.
In practice, SOC analysts must show an equally complex set
of skills specific to security engineering, so the notion that
NOC representatives are somehow better should be dispelled. Bringing these clear and equally
important differences home will help mend fences and build more consistent
departmental relationships based on mutual respect and understanding.
What further complicates the situation is the nature of the
enemy with which each group must deal daily. The NOC's operations center on naturally
occurring system events, while the SOC faces very different "intelligent
enemies", such as hackers and other cybercriminals. As a result, the
solutions and strategies that each group needs to develop, implement and
maintain vary widely. Expecting one group to adapt to the policies, processes, and priorities of the other group is a recipe for disaster.
Increase in demand = increase in turnover
Finally, there are the many demands and pressures placed on each
of these groups, and the reality of how each responds to them. Security
operations centers tend to have a much greater turnover than NOCs, and the
average tenure of Level 1 SOC analysts is less than approximately two years. This
is mainly due to the unstable and ever-changing nature of security operations.
The tenure of NOC representatives tends to be quite long. It makes sense,
then, that simply expecting NOC analysts to assume the role of the SOC will
result in greater staff reductions and, consequently, higher turnover rates.
Most companies pay a high price.
A Match Made in Heaven
Ultimately, the ideal solution to avoid the problem between
NOC and SOC is to find a way to recognize, understand and respect their subtle but
fundamental differences and promote collaboration and cooperation between them.
One way to achieve this goal is to connect both teams using
automation. The SOC will focus on identifying and analyzing security incidents,
using the data collected to suggest modifications to the NOC, and the NOC can
evaluate and implement the modifications accordingly and improve overall
operations.