Jun 02, 2022

5 trends that have changed the role of the NOC and SOC analyst

Control Room Czas wymagany na przeczytanie: 8 min

Your business may have an in-house Network Operations Center (NOC) or Security Operations Center (SOC), or it may rely on a Managed Service Provider (MSP) as a third party to partly provide these services. Whatever the case may be, monitoring the health and security of your network has become increasingly critical to your business.

Network and security technology are constantly evolving and as a result, NOCs and SOCs are forced to move along. In a climate of constant change, the role of the NOC/SOC control room operator has dramatically changed as well. Today, NOC and SOC analysts have an increasingly strategic and business-critical role. It’s the result of at least five important trends.

Trend #1: More applications require more skills

Monitoring and visualizing the performance of the network and the security of the organization is a comprehensive task that is supported by an ever-increasing set of analytics tools and applications. Some of the most common tools known to NOC and SOC analysts are:

  • Security Information and Event Management (SIEM)
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
  • User and Entity Behavior Analytics (UEBA)
  • Firewall Security Management
  • Extended Detection and Response (XDR)
  • Antimalware
  • Sandbox analysis

With so many tools and areas of specialization, it’s virtually impossible for an analyst to be proficient in all. The technology environment is changing so fast and is becoming so diverse that many NOC/SOC organizations are challenged to constantly upskill their workforce. A 2021 Gartner1 survey[1] reported that 64% of IT executives point to insufficient skills and resources as one of their greatest challenges. And the rate of change is accelerating. That same Gartner survey mentioned that 29% of the skills in an average infrastructure and operations job posting of 2018 are no longer needed in 2022.

NOC and SOC organizations are forced to continuously stay abreast of new technologies. But there’s more. In a modern threat detection environment, it’s no longer enough for operators to rely on their technical skills alone. Soft skills and critical thinking are becoming much more important.

One example of a SOC application that requires much more than technical knowledge is sandbox analysis. Sandboxing means that analysts test all kinds of suspicious code and malware in a safe and isolated environment without any risk to the network. It’s an advanced task that requires much more from analysts than just ticking off a number of steps. Operators are now required to take initiative, apply critical thinking, and be collaborative and creative.

Trend #2: AI and automation clear path for different operator role

A growing amount of data is flooding into the control room. The total volume of hardware and software applications, and the avalanche of alerts and cyber threats that need to be monitored is already surpassing the capacity of the human operator. Today’s NOC and SOC centers are therefore increasingly making use of automated and AI-driven processes.

Less complex NOC and SOC workflows can be completely automated, so that the need for operators to intervene during corrective actions is reduced. Even in physical security, mobile perimeter control robots are no longer science fiction. And with the use of AI, systems can learn to perform operator tasks based on past experiences and vast amounts of training data.

The goal of automation and AI, is not only to efficiently handle the vast amount of data which is impossible to master for any human operator, but also to reduce error and guarantee continuity of service. Of course, the human operator is not left out of the equation. On the contrary, operators are still critical in crisis situations. A series of automated tasks may be started up in response to alerts, but when the threat is still there after the automated steps are completed, a human analyst will step in to resolve the crisis.

Another caveat for AI-based workflows is that they can be vulnerable to cyber-attacks. One of the most important threats to AI systems is the potential for their training data to be poisoned. Someone with bad intentions could for example access the AI training data and inject information that will cause the AI model to act in a way that the developers wouldn’t expect. The concern with automation is that it can be predictable, which makes the hacker’s job much easier. That’s why it’s still critical to include a human operator in the workflow, whose interventions can reduce predictability.

One AI-based system will typically focus on one task or threat. The added value of the human operator is that they can bring all the information from different systems together and get a bigger picture of the situation. A key element in making this possible is offering the NOC and SOC analyst an ergonomic workspace that can visualize all critical sources in a single pixel space.

The good news may be that, with more automation and AI added to the operator workflow, more resources can be freed up, so that operators can focus on less mundane, less repetitive tasks, and more on strategic tasks that require creativity and critical thinking.

Trend #3: From a reactive to a proactive approach

Closely related to the previous trend, is that NOCs and SOCs are increasingly shifting from a reactive to a proactive approach. By regularly and proactively sweeping so-called Indicators of Compromise (IoC), NOCs and SOCs can weed out the false positives and act on the alerts that form a real threat. To analyze these large amounts of information, NOCs and SOCs are increasingly relying on AI tools for the identification of data and events that are relevant to the organization’s cyber security. 

"Due to the constant flood of cyber threats, many organizations are required to continuously react in real time to protect their networks and keep them up and running," adds Bert Vandenberghe, Sales Engineer at Trend Micro, a global cybersecurity leader. "An alternative approach is to proactively perform regular risk assessments to determine the appropriate remediations ahead of the threat, and to prevent future security vulnerabilities." 

Trend #4: Collaboration is critical in crisis handling

The past couple of years have been an enormous stress test for our communications networks. During the pandemic, the growing number of remote workers made it more challenging for IT teams to offer reliable connectivity and to enable continuity in the day-to-day operations out of the workplace. The pandemic also accelerated a corporate move to the cloud, putting an even greater stress on the network.

Many IT teams worked hard to upgrade their corporate network technology, but even then, they found it challenging or too costly to efficiently monitor their infrastructure for the continuous threat of cyber-attacks.

More corporations are therefore outsourcing their NOC and SOC operations in some form. Many larger businesses opt for a hybrid model, in which parts of the NOC/SOC operations are still taken care of internally, while other parts are outsourced to specialist companies. Smaller enterprises are often taking advantage of attractive pricing models of Managed Service Providers (MSP) to outsource their entire NOC and SOC operations.

Another way to reduce costs and optimize resources is to combine security and network operations into a so-called Security & Network Operations Center (SNOC). From a business perspective, this makes good sense, because both NOC and SOC operations perform similar functions. They monitor network traffic and device configurations, and need to ensure business continuity. The NOC may be focused more on network performance, while the SOC focuses more on managing cybersecurity threats, but the common goal and possibility to share resources is there.

Both the move to third-party outsourcing and the emergence of a consolidated SNOC center makes collaboration more important. In-house IT teams will need to find ways to efficiently collaborate with their MSP. In most cases, MSPs will not take full responsibility of day-to-day operations, but will only take on some of the IT duties. In that case, IT teams will need to define clear roles and find efficient ways to collaborate in times of crisis to make sure critical decisions can be made in real time.

The same goes for combined NOC and SOC operations. Although network engineers and security analysts both have their own distinct mission, improved collaboration between NOC and SOC teams can only improve the efficiency of response in times of crisis. Both NOC and SOC analysts will need to step out of the comfort zone of their area of expertise, and put more focus on collaboration, in order to achieve their common goal: maintaining the continuity and security of the business. In technology terms, more focus will need to go to sharing sources and information as quickly as possible to all relevant stakeholders.

Trend #5: Playing a strategic role in the digital transformation

IT is playing an ever more pivotal role in business. This was already obvious during the pandemic, but it will continue to be in years to come. The role of NOC/SOC teams will become equally strategic.

During the pandemic, corporate IT teams had to support a workforce that is increasingly working remotely and making use of mobile devices. Many organizations were pushing the performance limits of their networks. The new way of working not only blurred the division line between personal and business lives, but it also exposed employees to cyber-threats. In-house teams needed to pay extra attention to sharing content to remote workers in a secure way. As a result, maintaining the performance of the network became more challenging, and IT teams are now facing an increasingly pressing responsibility over the organization’s continuity.

But that’s not the end of it. Many IT teams are already looking forward to making the transition from 4G to 5G wireless technology, which is many times faster and more powerful. For many businesses, an operational 5G network will be key to driving revenue and remaining competitive. 5G will not only be critical for internal operations, but it will also offer a reliable interface and user experience that enables customers to buy products and services. Implementing and monitoring the performance and security of the 5G network will be of strategic importance. Organizations are therefore starting to think differently about the role of their NOCs and SOCs. More than a supplier of supporting IT services, NOCs and SOCs have become strategic partners during an organization’s digital transformation roadmap.

Supporting a changing role

Barco’s control room visualization and collaboration solutions have helped NOC and SOC staff to stay in control of their operations for many years. Today, Barco solutions also facilitate change in times when NOC and SOC teams are redefining their role as a strategic business partner.

Barco technology in your NOC or SOC control room helps your teams to:

  • Collaborate more easily by offering real-time access to sources for all stakeholders
  • Cope with an increasing flow of data by offering efficient visualization on a large video wall or on a single operator workspace
  • Organize their workspace in an ergonomically friendly way, in order to increase insight and improve decision-making
  • Upgrade more easily to new applications and systems
  • Prepare for the future and adapt to new technologies
  • Facilitate expansion of the workforce

Sources

1 - Gartner Identifies the Top Trends Impacting Infrastructure and Operations for 2022

 

About the author

Jordan Heldrich
Segment Marketing Manager of Control Rooms

Jordan focuses on control rooms at Barco utilizing her multi-industry knowledge and experience in sales, product marketing and strategic marketing to bring dynamic strategies to control rooms.  She is based in Atlanta, GA.  

Stay in touch

Receive the latest news about our services & products

we will not share your e-mail address with 3rd parties 

Ta strona jest zabezpieczona technologią reCAPTCHA. Zastosowanie mają również Polityka prywatności oraz Warunki usługi Google.