Wednesday, December 6, 2017

Definition of an integrated NOC and SOC

NOTE: 99.99999 % of the credit for this post is the work of Nelson Hernandez, I am just trying to add enough whitespace to generate discussion for his SANS.EDU research project.
NOC: Network Operations Center
SOC: Security Operations Center

Integrating a NOC/SOC is convergence/integration at the:

- Organizational level, (i.e. common first level response) - triage, collaborate, cross correlate and potentially identify common patterns from NOC/SOC respective tools.

- System level: integrated ticketing and workflow - service level agreements, standard operating procedures, integrating processes and structures in place to allow operators to communicate and coordinate seamlessly

- Asset level. (shared sensors and event criticality information) - utilizing a common information aggregator that collects all the data required and then distributes it using integrated tools/dashboards. 

The integration should allow collaboration on:
- Event Management
- Security Management (antivirus, intrusion detection/prevention systems)
- Endpoint Management  
- Network Management (firewalls, router, switches, servers)
- Fault Management 
- Configuration Management 
- Performance Management. 
- Accounting (Administration and Identity Access Management systems) 

Complex issues are investigated by Level 2-3 SOC/NOC specialists to diagnose and pinpoint the nature of the infrastructure incidents more accurately. The integrated staff cross trains to expand their range of skills, adjust their mindsets and tap each other’s skillsets and experiences to identify, manage and resolve incidents effectively. 

2 comments:

  1. Nice blog. You nicely explain basics of NOC and cybersecurity SOC. Thanks for sharing

    ReplyDelete
  2. Looking for Norton Support visit our website or reffer our blog for Norton Antivirus trouble shooting "norton customer service phone number uk norton 360 sign in what is sonar protection
    "

    ReplyDelete