Respond to threats faster with your IT management and cybersecurity under one roof
Whether they have it in-house or outsourced, any business that uses computers, telecommunications, or satellite technology will likely have some sort of Network Operations Center (NOC), a centralized hub for maintaining and monitoring all things IT.
And if you’re a business that works with SUCCESS Computer Consulting, you should be well aware of the emphasis we place on having a robust cybersecurity practice in place. Such methods are usually managed via a SOC, or Security Operations Center.
Despite the similarities in their names, NOC and SOC do serve two different (albeit not unrelated) business functions. Both are essential to keeping your enterprise running smoothly. The NOC focuses on network health and functionality, while the SOC focuses on keeping your tech secure.
“The NOC is focused on uptime, making sure things are available,” explains SUCCESS Cybersecurity Architect Chris VanAnda. “For example, an alert that our NOC would get is if one of our client’s servers went offline—let’s say it was hung up rebooting—and the NOC’s responsibility is to make sure that server gets back online, so our clients can access their email, or whatever applications are on that server. With a SOC, we’re looking to make sure that same server is secure.”
However—if you consider the NOC/SOC as completely distinct you’re doing a disservice to your business.
“If your SOC is outsourced, and not converged with your NOC, the SOC is really at a disadvantage. The SOC doesn’t have the full visibility into the inner workings of the network,” VanAnda says.
So what’s a business leader to do? At SUCCESS, we recommend converging the two.
Read on to have two of our cybersecurity experts explain why we take this approach.
Better holistic visibility into the health of your technology
Think of it this way: you go to the doctor to diagnose your illness and get a prescription, but the medicine itself is what actually kills the bug and returns you to health. Both, though, are integral to the healing process.
In that metaphor, the doctor represents the SOC, and the NOC the medicine. Your SOC might identify a threat, but many tools of the NOC will ultimately be used to resolve it, so the more closely the two are aligned, the better the outcome.
According to SUCCESS Cybersecurity Engineer Eric Vollbrecht, when your NOC and SOC are converged under one roof, “We have the resources of the NOC to address the issue much, much more quickly than if the SOC was through someone external, just throwing an alert saying ‘hey, you need to look at this.’”
While an outsourced SOC might flag network threats that reach a level of, say, 9 or 10, Vollbrecht says that a combined approach with NOC/SOC working closely means the NOC can provide insight into multiple lower-level (more like a 4 or 5) threats. Collectively, these could pose a much more serious threat to your operations.
Those less-critical threats are, Vollbrecht says, “Kind of under-the-radar, you don’t realize what’s going on. And that’s where the NOC has to kind of help us put those pieces together, to say ‘hey maybe this isn’t quite right, this item combined with this vulnerability makes it seem like something’s going on here that isn’t normal.’”
Faster, targeted, more-precise response
When the SUCCESS team gets an alert of a security threat to one of its clients, the fact that it uses a converged NOC/SOC approach means a much, much faster response.
“There’s already going to be a field tech who knows that network inside and out. We have direct contact with them,” VanAnda says. “We can just walk over to a member of our team and get direct information. If we hand off the remediation to our NOC, or the field tech, we’re in direct contact. It’s a really smooth transition. There’s a big gap there if the SOC is completely outsourced.”
Additionally, if you converge your SOC and NOC teams, you’ll have techs and experts who are more intimately acquainted with what data, exactly, is most important to your specific industry.
“If you have a medical client, certain patient information is going to be more critical than if you have a manufacturing company and are working with other types of data,” Vollbrecht explains. “The different types of data and risk that are associated with each of those organizations—when you have an outsourced SOC, you’re going to lose some of that bespoke customization.”
It’s proactive rather than reactive
It’s not “if” but rather “when” your organization will experience a malicious attack or threat.
“You have to be vigilant about your security no matter what size company you are. Attackers just try first and foremost to get whatever they can, and then exploit it later,” Vollbrecht says. “Attackers don’t always know if your data is valuable or not. They’re going to try to go ahead and get whatever they can and then hold it for ransom.”
Combining the toolsets of a NOC and SOC creates a valuable feedback loop. This can not only fix an issue, but provide illuminating context and prevent further problems.
With the converged NOC/SOC approach that SUCCESS uses, “we understand our clients better and what their risks are, to see those issues ahead of time,” Vollbrecht says.
What’s next? Ask your MSP about their cybersecurity
Want to converge your NOC/SOC for optimum performance and cybersecurity? Start by talking to your Managed Service Provider. It’s important to ask your MSP whether or not they outsource their security or have it in-house. Their answer might surprise you.