Recently, we read an interesting article on Ayehu which points to the unique approaches in handling Network Operations Centers (NOC) and Security Operations Centers (SOC). Indeed, the article is accurate that NOC and SOC are both responsible for the same four primary tasks: identification, investigation, prioritization and resolution of issues. Clearly, the impact that these two operations centers have on those tasks is vastly different, as each center is intended to monitor a different arena – security for the SOC, performance and availability for the NOC.
Every day, NOCs and SOCs are challenged to do more with less, as cost-center funding struggles to keep pace with business growth.
NOCs and SOCs tend to share a similar operational structure, both staffed using tiered call centers, monitoring, and event or incident and response teams. Leveraging common NOC and SOC characteristics to build a single group responsible for both functions can make limited budget dollars go farther and yield more efficient operations.
Instead of creating another distinction between these closely associated operations centers, we wondered whether a better solution to the monitoring process could be designed.
Rather than attempt to create two separate sets of alerts, we would like to suggest a solution at level 0 of monitoring: a single pre-defined run book that retrieves both types of alerts (NOC and SOC) while reducing the complexity of the monitoring process.
This run book should be divided so that each service has its own coverage: NOC for performance and functionality, SOC for security issues.
Engineering It Right
Basic monitoring begins at level 1 with basic engineering of the run book.
If done correctly, skilled NOC/SOC engineers should be able to identify the alerts created by the run book, which in turn will activate a protocol response (Action or Escalation).
Beyond this level, senior engineers with an advanced skill set should be on board to handle security issues efficiently. Similarly, senior engineers should be equipped to respond to all matters related to performance, business, and functionality.
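As an added illustration of the level-0 run book and the level-1 response described above (this is example code written for this post, not code from the article or from Ayehu), the following Python sketch takes a mixed stream of NOC and SOC alerts through one intake: it identifies the domain of each alert, prioritizes the queue, and routes each alert to an Action (handled by the run-book engineer at tier 1) or an Escalation (handed to a senior engineer at tier 2). The signal names, severity levels, thresholds, playbook text and sample alerts are all constructed assumptions; the one policy choice worth noting is that unknown signals are escalated rather than guessed, so a gap in the run book never silently drops an alert.

```python
"""Unified level-0 run book: one intake for NOC (performance/availability)
and SOC (security) alerts, classified by domain and routed to Action or
Escalation. Example code for this post; all rules and sample data are
constructed, not taken from any real monitoring product."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed classification rules: monitored signal -> (domain, issue type).
RULES: Dict[str, Tuple[str, str]] = {
    "cpu_utilization": ("NOC", "performance"),
    "latency_ms":      ("NOC", "performance"),
    "link_down":       ("NOC", "availability"),
    "failed_logins":   ("SOC", "security"),
    "ids_signature":   ("SOC", "security"),
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed tier-1 playbook steps keyed by (domain, issue).
ACTIONS = {
    ("NOC", "performance"):  "open performance ticket and run capacity check",
    ("NOC", "availability"): "run connectivity check and fail over if needed",
    ("SOC", "security"):     "isolate host, preserve logs, open security case",
}


@dataclass
class Alert:
    host: str
    signal: str
    value: float
    severity: str          # "low", "medium" or "high"


@dataclass
class Decision:
    domain: str            # "NOC", "SOC" or "UNKNOWN"
    issue: str
    response: str          # "Action" or "Escalation"
    tier: int              # 1 = run-book engineer, 2 = senior engineer
    playbook: str


def triage(alert: Alert) -> Decision:
    """Identify the alert's domain and choose Action or Escalation."""
    rule = RULES.get(alert.signal)
    if rule is None:
        # Failure mode: the run book cannot classify this signal, so it is
        # escalated for manual classification instead of being guessed.
        return Decision("UNKNOWN", "unclassified", "Escalation", 2,
                        "escalate for manual classification")
    domain, issue = rule
    rank: Optional[int] = SEVERITY_RANK.get(alert.severity)
    # High or unrecognized severity goes to a senior engineer of that domain.
    if rank is None or rank >= SEVERITY_RANK["high"]:
        return Decision(domain, issue, "Escalation", 2,
                        f"escalate to tier-2 {domain} engineer")
    return Decision(domain, issue, "Action", 1, ACTIONS[(domain, issue)])


def prioritize(alerts: List[Alert]) -> List[Alert]:
    """Order the queue: highest severity first; at equal severity, SOC
    alerts before NOC alerts (a constructed policy choice). sorted() is
    stable, so otherwise-equal alerts keep their arrival order."""
    def key(a: Alert):
        domain = RULES.get(a.signal, ("UNKNOWN", ""))[0]
        return (SEVERITY_RANK.get(a.severity, 0), domain == "SOC")
    return sorted(alerts, key=key, reverse=True)


def run_book(alerts: List[Alert]) -> List[Tuple[Alert, Decision]]:
    """Level-0 intake: prioritize, then classify and route every alert."""
    return [(a, triage(a)) for a in prioritize(alerts)]


def summary(results: List[Tuple[Alert, Decision]]) -> Dict[str, int]:
    """Count routed alerts per domain/response, e.g. 'SOC/Escalation'."""
    counts: Dict[str, int] = {}
    for _, d in results:
        key = f"{d.domain}/{d.response}"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample alerts mixing NOC and SOC signals plus one unknown.
SAMPLE_ALERTS = [
    Alert("web-01",    "cpu_utilization", 97.0, "high"),
    Alert("core-sw-2", "link_down",        1.0, "medium"),
    Alert("vpn-gw",    "failed_logins",  250.0, "high"),
    Alert("db-03",     "latency_ms",     340.0, "low"),
    Alert("wks-17",    "ids_signature",    1.0, "medium"),
    Alert("legacy-01", "disk_temp",       80.0, "low"),
]

if __name__ == "__main__":
    for alert, decision in run_book(SAMPLE_ALERTS):
        print(f"{alert.host:<10} {decision.domain:<8} {decision.response:<11}"
              f" tier {decision.tier}: {decision.playbook}")
    print(summary(run_book(SAMPLE_ALERTS)))
```

Run as a script, the queue comes out with the high-severity SOC alert first and the unclassified legacy host last, and the summary shows how many alerts each domain's tier-1 and tier-2 staff would receive from one shared intake.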
Convergence of NOC and SOC
While the convergence of NOC and SOC can be both practical and beneficial, combining awareness and control requires a critical approach to engineering at the most basic level of monitoring. The enterprise's nervous system demands a strong defense and response from its immune system. By integrating network and security monitoring, management, and response capabilities at the run book level, enterprises gain the capacity to work efficiently in the long run.