Network Operations Centers (NOC) and Security Operations Centers (SOC) are increasingly joining forces or merging their operations into a combined center. Security and Network Operations Centers (SNOC), or fusion centers, are popping up around the world. Why is merging your NOC and SOC such a good idea? And what control room visualization technology do you need to make it work?
Running a high-performance network today is almost synonymous with managing cyber-security risks. It’s not difficult to see a connection between managing performance and security. A cyber-attack can heavily affect the performance of the network. Conversely, although maybe a bit less obvious, the more infrastructure and network capacity you deploy to ensure the performance of your business applications, the more that needs to be protected from cyber threats.
Separate, but together
And yet, traditionally, NOCs and SOCs have mainly lived separate lives. NOCs typically focus on ensuring performance and uptime of the network, so that all business systems can run smoothly. SOCs on the other hand make sure those networks can effectively weather cyber-attacks and operations can continue to run securely. SOCs can even integrate other physical security tasks, such as access control or perimeter protection.
But this raises the question: when network problems occur, do these need to be handled by the NOC or the SOC? Or, when NOCs and SOCs are separate centers, can we be sure that network issues or cyber-attacks are handled effectively? Both types of centers may have different goals, but in the end, don’t they serve a common purpose of keeping the business network in a healthy shape?
Why NOCs and SOCs are merging
Combining a NOC and SOC makes perfect sense, for a few reasons.
- When sharing operations, NOC and SOC analysts may have a better view of the overall network status and of each other’s applications. This can result in faster, more accurate issue identification and detection.
- At the least, NOCs and SOCs have similar tasks: they monitor networks, respond to incidents, and operate call centers. In some cases, NOC and SOC teams even have the same software licenses, be it for a Security Information and Event Management (SIEM) system or a Security Orchestration, Automation and Response (SOAR) system. Sharing these resources can help NOCs and SOCs reduce costs.
- NOC and SOC analysts are hard to find. Combining NOC and SOC operations is therefore a way to use the available human resources in the most efficient way.
- Keeping networks secure has become increasingly complex. Increased virtualization, the move to the cloud, and BYOD have given hackers more opportunities to do harm. By combining their intelligence, NOC and SOC teams may be able to do a better job coping with these rising threats.
- The line between IT and OT is becoming increasingly blurred. Especially in asset-rich organizations, both network performance (typically monitored in a NOC) and network security (typically monitored in a SOC) are essential to guarantee business continuity, which strengthens the case for combining a NOC and SOC in one center.
Sharing NOC and SOC operations can take different forms. Larger companies may choose to go for an in-house SNOC, while other organizations rely on third-party Managed Service Providers (MSP) to take care of their NOC/SOC operations. Often, it’s a hybrid SNOC. For example, an organization may combine an in-house NOC with outsourced SOC services.
View better, share faster, resolve quicker
In whatever shape NOC and SOC operations are combined, it’s clear that both teams need to find control room tools and solutions that can improve 24/7 collaboration and help them share resources to improve real-time decision-making.
- A flexible workspace: With more focus on collaboration, NOC and SOC analysts will need a flexible operator workspace that allows them to easily integrate NOC tools with a Security Information and Event Management (SIEM) or with other SOC applications. They need to be able to view their sources in well-organized dashboards, or call different applications into their field of view.
- Easy network access to different sources: NOC and SOC analysts will need easy and secure network access to different applications and data in and beyond the control room. Especially when an incident occurs, operators need to be able to share views and sources with colleagues fast, wherever they are, or send a personal workspace view to a video wall to facilitate group decision-making.
- Secure access beyond the control room: Providing field technicians or remote experts with fast and secure access to critical content can make a huge difference in crisis situations. The same is true for fast sharing of information to distributed meeting rooms and crisis rooms.