Community Blog

Mr Network image.jpg

Why SOC and NOC teams can benefit by working closely together

Network Operations Center (NOC) and Security Operations Center (SOC) are two critical pillars of any organization. Both teams continuously monitor logs and events from different tools to ensure that the network stays up and running and remains protected against cybersecurity attacks.  The NOC team resolves incidents that affect the performance or availability of the network while the SOC team handles incidents that affect the security of vital assets of the organization, thereby, reacting against malicious threats. Every day, NOC and SOC teams are challenged to do more with less as cost center funding struggles to keep pace with business growth.  

 

Maintaining network availability and effectively defending an enterprise network when NOC and SOC teams work in silos creates an additional challenge. Even though many network and security tools exist for SOC and NOC teams, each team typically generates its own incidents and doesn’t share information. This lack of interoperability and inability to share event data results in inefficiencies, lack of agility, limited visibility, and eventually a poor organizational security posture. According to the ESG research report on Security Operations Challenges, Priorities and Strategies in 2017, keeping up with the volume of security alerts and lack of integration between different security tools are some of the biggest challenges related to security operations. According to the same survey, investing in technologies to automate security operations and threat detection by integrating multiple tools is a top priority among security operations’ teams.

 

To improve efficiency and collaboration between cybersecurity and IT operations team, organizations are investing heavily in automation and orchestration of incident response to keep up with the volume of security alerts, to make decisions on prioritizing alerts and to reduce response time for incidents. In addition, according to Infosec Island article, though there are subtle differences between SOC and NOC, increasingly organizations are making the two groups work more closely together often with overlapping team members,  allowing them to break silos, gain centralized visibility and facilitate information sharing. This helps to reduce cost and improve the efficiency of both NOC and SOC teams.  For example, SOC can identify issues and recommend fixes to NOC. NOC can then analyze the impact of the fixes and make changes accordingly. Thus, closely aligning NOC and SOC teams may allow companies to integrate network and security workflows, management, and response capabilities, enabling both the organization to become more self-aware of its limitations and enhancing the ability to defend its networks.

 

Infoblox helps bring together NOC and SOC teams through Integrations:

 

Picture1.png

 

As shown, Infoblox enables customers to automatically share DNS data, user and device information, rich network context and security events with different security tools such as SIEM, Vulnerability Management, Firewalls, NAC and others using STIX/TAXII data formats as well as APIs. Here is the list of technology partners Infoblox integrates with:

 

Picture1.png 

 

To summarize, Infoblox provides integrations with network and security tools mentioned above, potentially enabling SOC and NOC teams to work more closely, allowing customers to automate processes, decreasing threat response times, improving agility and receiving single pane of glass visibility across the entire network. This ultimately improves the efficiency of operations for NOC and SOC teams and enables next level automation and orchestration.

 

To learn more about our network and security integration, please visit https://www.infoblox.com/partners/technology-partners/ and https://community.infoblox.com/t5/Partner-Integrations/ct-p/PartnerIntegrations

 

References:
       

https://www.sans.org/reading-room/whitepapers/incident/paper/38290

https://ayehu.com/why-your-soc-and-noc-should-run-together-but-separately/

https://www.csoonline.com/article/2121964/access-control/efficiency-through-noc-soc-convergence.html

https://www.incidentresponse.com/the-different-between-the-security-operations-center-soc-network-op...

https://www.scmagazine.com/home/reviews/moving-the-soc-into-the-noc/

https://www.darkreading.com/attacks-breaches/blurring-the-line-between-soc-and-noc/d/d-id/1128476

https://www.intellectualpoint.com/blog/cyber-security-security-operations-center-soc-vs-network-oper...

http://www.infosecisland.com/blogview/20589-Redefining-Security-Intelligence-with-NOC-and-SOC.html

 

Showing results for 
Search instead for 
Do you mean 

AI Powered DNS FIrewall - A Webinar Presentation by Dr. Bin Yu, Chief Data Scientist, Infoblox