Why we need a Security Operations Centre (SOC) even if we already have a Network Operations Centre (NOC).
A common question is: why do we need a SOC if we already have a Network Operations Centre (NOC)?
After all, both look after the IT system and both are responsible for detecting events, identifying incidents, and resolving issues on the network, so why have both? Well, in very small organisations it is possible to combine the two functions into the same team, but the reality is that the role of each is different.
A NOC is concerned with making sure that everything is up and running and has sufficient bandwidth. Its job is to consider things like SLAs and to ensure that they are met. As a result, the focus of the NOC is on making sure that everything is available for people to use when they need to use it.
A SOC, on the other hand, is concerned with protection. Its job is to make sure that the infrastructure and the data on it are kept secure. As a result, its focus is on security, and the SOC may decide to compromise a network’s availability in order to keep the system secure.
Of course, the SOC and the NOC have to work together, and that is why there is a realisation that there is a need for SecOps: the security team in the SOC and the operations team in the NOC working more closely together. Good practice ensures that the operations team are involved with all security decisions and the SOC team are involved with all service rollouts and refreshes. They each have their own roles to play, but they should be working with each other and not against each other (unless they are taking part in a war game/CTF, which can be a fun aspect of SecOps).
© Coventry University. CC BY-NC 4.0