7 Blending NOC and SOC

MEL T. MIGRIÑO

 

When your security team faces a disruptive incident, time is of the essence. Any delay in identifying, responding to, and mitigating the problem increases risks and leads to still more disruption. These costly delays are more likely in entities where the Network Operations Center (NOC) and Security Operations Center (SOC) are completely separate, each with limited visibility into the other's world. When teams remain siloed, inefficiencies and errors slow effective incident response and hamper overall network and security operations.

As cyber threats continue to increase in number and severity, siloed NOC and SOC teams are a luxury your organization cannot afford. But as we'll see, the solution is not necessarily a quick, complete blending or merger of the two teams. Failing to consider all the details of blending or rushing to complete the process can create additional problems without necessarily solving the issues at hand. A more nuanced answer is required.

The Vision

Just as firefighters and emergency medical technicians together respond to fires and work in tandem to both put out fires and treat victims, integrated SOC and NOC response teams can work together to troubleshoot incidents and keep the network both secure and reliable. Key benefits of blending NOC and SOC include:

  • Faster resolution of incidents. Instead of working independently after an incident occurs and sometimes reaching conflicting conclusions as to the root cause, blended ...
