Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, December 11, 2006

Blurring the Line Between SOC & NOC

The line between the security operations center (SOC) and the network operations center (NOC) in some organizations is starting to blur, as the pressure intensifies on today’s businesses to prevent more sophisticated and damaging security breaches—and to do it on a budget.  Boston Medical Center, for example, recently merged its NOC and SOC operations, and is currently cross-training both groups, says Arsen Khousnoudinov, manager of network and security infrastructure for the medical center.

The medical center’s intrusion prevention system (IPS), Web filtering tools, and other security and networking tools, for instance, are already converging, Khousnoudinov says.  But that doesn’t mean the NOC and SOC will completely merge.

In fact, security analysts say you need a healthy separation between some duties, especially where security policy implementation and auditing is concerned.

Even Boston Medical, which is ahead of most organizations with its fusion of NOC and SOC duties, still keeps policy and auditing as well as its Windows Active Directory security separate from the overall NOC operation, according to Khousnoudinov.  That prevents conflicts of interest or other related problems when, say, security must investigate internal access of the company’s resources, says Nicolett.  “The security group in charge of investigations might [have to work on something] that involves privileged users,” he says.

The first place the NOC and SOC are converging is in event monitoring.  “But control over what’s monitored and drilling down on this needs to be retained by the security staff,” Nicolett says.  So start looking at your redundant call center or trouble-ticket systems, for instance, says Rob Enderle, principal analyst with the Enderle Group.

Posted on 12/11