Work in the cybersecurity field is full of surprises every day. In information security, just as on a football field, if you do not understand the formations, play calling, and tendencies of your opponents, then you will not be able to understand the risks your organization is facing.
Even after all the recent data breaches and successful hacking attacks, many companies and organizations still disregard major security guidelines. Moreover, many organizations underestimate cyber criminals and hacktivists, who are always at least one, if not two or three, steps ahead.
The majority of companies have adopted the “monitor and response” cybersecurity strategy. This strategy generally takes place in a Security Operations Center (SOC) or a Network Operations Center (NOC). In most organizations, the SOC and NOC complement each other’s functions.
The roles of the SOC and NOC differ not subtly but fundamentally. Both the SOC and NOC are responsible for identifying, investigating, prioritizing, escalating and resolving issues, but the types of issues and the impact they have are considerably different.
The NOC handles incidents and alerts that affect performance and availability. The NOC’s job is to meet service level agreements (SLAs) and manage incidents in a way that reduces downtime. It focuses on availability and performance.
The SOC focuses on incidents and alerts that affect the security of information assets. Its main role is to protect intellectual property and sensitive customer data – a focus on security.
While both are critically important to any organization, combining the SOC and NOC into one entity and having them each handle the other’s duties can spell disaster, because their approaches are so different and the skill sets each requires are distinct.
A NOC analyst must be proficient in network, application and systems engineering, while a SOC analyst requires security engineering skills.
Last but not least, the very nature of the adversaries that each group tackles is different. The SOC focuses on “intelligent adversaries” while the NOC deals with naturally occurring system events.
Consequently, both the SOC and NOC are needed, working side by side and in conjunction with one another.