NOC: Network Operations Center
SOC: Security Operations Center
Integrating a NOC/SOC is convergence/integration at the:
- Organizational level, (i.e. common first level response) - triage, collaborate, cross correlate and potentially identify common patterns from NOC/SOC respective tools.
- System level: integrated ticketing and workflow - service level agreements, standard operating procedures, integrating processes and structures in place to allow operators to communicate and coordinate seamlessly
- Asset level. (shared sensors and event criticality information) - utilizing a common information aggregator that collects all the data required and then distributes it using integrated tools/dashboards.
The integration should allow collaboration on:
- Event Management
- Security Management (antivirus, intrusion detection/prevention systems)
- Endpoint Management
- Network Management (firewalls, router, switches, servers)
- Fault Management
- Configuration Management
- Performance Management.
- Accounting (Administration and Identity Access Management systems)
Complex issues are investigated by Level 2-3 SOC/NOC specialists to diagnose and pinpoint the nature of the infrastructure incidents more accurately. The integrated staff cross trains to expand their range of skills, adjust their mindsets and tap each other’s skillsets and experiences to identify, manage and resolve incidents effectively.