Wednesday, 28 May 2014

Overview on NOC - SOC teams

Rapid changes in technology have also brought in lot of risks with it. Organizations have tried to keep pace with technology and have implemented solutions like cloud / SAAS etc in order to meet business requirements. Along with these solutions network monitoring and security monitoring have also gathered importance. Organizations have set up network and security monitoring centers in order to ensure that issues can get addressed proactively. The issues can be related to day to day network / IT services operations or could be to address security concerns that an organization may face. It is worth having looking at an overview of what the difference is between an NOC and SOC and if an organization needs to have these two areas looked into separately.  A network Operation Center (NOC) as it is commonly known, primarily looks at network / IT services only. For example a NOC team would keep monitoring all the IT services being provided by the IT team. Review all the alerts that are being raised by the various systems and raise incidents where necessary. For example in case an alert is received about critical server nearing the CPU utilization capacity, the NOC team would raise an incident and ensure that proper communication is sent to business about the same. The ticket would be classified based on severity, appropriate remedial steps would be taken and status reports will be sent out to business. All communications etc would depend on the organization policy and the escalation mechanisms defined etc. A security Operation Center (SOC) on the other hand reviews all the logs that are being generated by the various servers / applications / network devices and tries to identify anomalies in behavioral patterns or deviations from the normal trend. For example if a server reboot normally takes about 30 secs but on a given day it takes about 45secs it would be an issue to investigate. The issue could be related to a virus attack or just corrupt OS files. However this needs to be reviewed and addressed so that appropriate action can be taken. What an organization needs to set up first NOC / SOC depends upon the requirements of the organization. NOC teams are more important where application uptime is of primary importance to the business but the organization does not deal with critical user / client information. SOC teams are more active in organizations which have a lot of confidential or IPR data which needs to be protected. Also the cost of setting up a NOC / SOC as opposed the returns that these teams can generate needs to be evaluated. Since they are not adding to the direct bottom line of the business the benefits that the NOC / SOC teams can only be measured in terms of the benefits business derives from them. For example NOC teams helps to ensure uptime of IT services thus providing business with the tools / applications that they require to perform at an optimum level. SOC teams ensure that there is no breach of security thereby ensuring business reputation is not hampered and increasing investor confidence in the organization. Also as a cost effective measure organizations cal also look at outsourcing the NOC / SOC service to vendors who can provide specialized services for the same These services can be signed up for on a dedicated / shared service model. Again the cost is major component in deciding how the services need to be procured. Also the in house knowledge of the organizations and its strategic vision will also be a deciding factor. In case the organization wants to grow these competencies internally, a huge investment may make sense. If not it would be more viable to outsource the NOC / SOC teams. Even open source tools can be used to meet the organizations requirements. Some of these can also be customized and paid version can be purchased at a minimal cost to get features as required by the organization

NOC / SOC teams have become very important for organization to ensure that business is not impacted by the technology threats and security issues are nipped in the bud. This has helped business to perform at an optimum level without having to worry about downtime and non availability of critical services.



About Author:
Mohini Bhandari is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at mohini.b@spluspl.com 

2 comments: