Thursday, February 13, 2020

Is Your Network Operations Center Oppressing Your Security Operations Center?


Without a doubt, there is a remarkable similarity between the Network Operations Center (NOC) and the Security Operations Center (SOC). Unfortunately, these similarities often lead to the misunderstanding that the duties of each role are identical. Combined with the general opinion that having a NOC eliminates the need for a formal SOC, this creates situations of tension, resentment and sometimes intimidation. In practice, both the network operations center and the security operations center provide unique value to an organization, but only if they can work together.

Key Differences

The first step in linking the Network Operations Center (NOC) and the Security Operations Center (SOC) in a harmonious relationship is recognizing and understanding the fundamental differences between the two roles. Yes, both teams may have some responsibility for identifying, evaluating, resolving, and escalating problems, but what ultimately separates these two groups is the nature of the problem and its subsequent consequences.

For example, NOCs are generally responsible for handling incidents that affect availability and performance, while SOCs primarily focus on incidents that may affect the security of assets. Both are working towards a common goal of managing risk, but how each approaches and achieves that goal is very different.

Performance Measure

NOCs and SOCs are also measured differently in terms of performance. The Network Operations Center's job is to administer, maintain and comply with service level agreements (SLAs), as well as handle incidents in a way that limits potential downtime as much as possible. In summary, NOC technicians are measured on how well they optimize system availability and performance. Security operations centers, on the other hand, are mainly judged by how well they protect confidential data, that is, by "security".

Both tasks are so important to the success and continued profitability of the organization that they should be treated as separate but equal functions. Unfortunately, many organizations fall into the trap of believing that both can be combined into a single universal operation. This can lead to disaster, not because one team cannot handle the other's duties, but because of the stark contrast in how each approaches its role.

Separated But Together

Another important reason why NOCs and SOCs must operate separately, even as they work together, is the specific skill sets required of the technicians in each discipline. For example, NOC analysts must be competent in network, systems and applications engineering. These extensive experience and educational requirements can lead to the false opinion that NOC team members are somehow smarter or more skilled.

In practice, SOC analysts must show an equally complex set of skills specific to security engineering, so the notion that NOC representatives are somehow better must be dispelled. Bringing these clear and equally important differences home will help mend fences and build more consistent departmental relationships based on mutual respect and understanding.

What further complicates the situation is the nature of the enemy with which each group must deal daily. The NOC's operations center on naturally occurring system events, while the SOC faces a very different kind of adversary: "intelligent enemies" such as hackers and other cybercriminals. As a result, the solutions and strategies that each group needs to develop, implement and maintain vary widely. Expecting one group to adapt to the policies, processes, and priorities of the other group is a recipe for disaster.

Increase in demand = increase in turnover

Finally, there are the many demands and pressures placed on each of these groups, and the reality of how each responds to them. Security operations centers tend to have a much greater turnover than NOCs, and the average tenure of a Level 1 SOC analyst is less than approximately two years. This is mainly due to the unstable and ever-changing nature of security operations. The tenure of NOC representatives, by contrast, tends to be quite long. It makes sense, then, that simply expecting NOC analysts to assume the SOC role will result in greater staff attrition and, consequently, higher turnover rates. Most companies pay a high price for this.

A Match Made in Heaven

Ultimately, the ideal way to avoid problems between the NOC and the SOC is to recognize, understand and respect their subtle but fundamental differences and to promote collaboration and cooperation between them. One way to achieve this goal is to connect both teams using automation. The SOC focuses on identifying and analyzing security incidents and uses the data it collects to suggest modifications to the NOC; the NOC can then evaluate and implement those modifications accordingly and improve overall operations.
