Wednesday 28 May 2014

Overview on NOC - SOC teams

Rapid changes in technology have brought a lot of risk with them. Organizations have tried to keep pace by adopting solutions such as cloud and SaaS to meet business requirements, and as they have, network monitoring and security monitoring have gained importance. Organizations now set up network and security monitoring centers so that issues can be addressed proactively. Those issues may relate to the day-to-day operation of network and IT services, or to the security concerns the organization faces. It is worth looking at the difference between a NOC and a SOC, and at whether an organization needs to treat the two as separate functions.

A Network Operations Center (NOC), as it is commonly known, looks primarily at network and IT services. A NOC team monitors all the IT services the IT team provides, reviews the alerts raised by the various systems, and raises incidents where necessary. For example, if an alert reports that a critical server is nearing its CPU capacity, the NOC team raises an incident and ensures that the business is informed. The ticket is classified by severity, remedial steps are taken, and status reports are sent to the business. Communication and escalation follow the organization's policies and its defined escalation paths.

A Security Operations Center (SOC), on the other hand, reviews the logs generated by servers, applications and network devices and tries to identify anomalies: deviations from the behaviour the organization has observed as normal. For example, if a server reboot normally takes about 30 seconds but on a given day takes about 45 seconds, that is something to investigate. The cause could be malware or simply corrupt OS files, but the deviation needs to be reviewed so that appropriate action can be taken. In practice this means the SOC needs a baseline of normal behaviour per system and a tolerance around it; comparing a single reading against a rough figure produces noise rather than findings.

Which an organization sets up first, a NOC or a SOC, depends on its requirements. A NOC matters more where application uptime is of primary importance but the organization does not handle critical user or client information. A SOC matters more in organizations that hold a lot of confidential or IPR data that needs to be protected. The cost of setting up a NOC or SOC also has to be weighed against the returns. Since neither adds directly to the bottom line, their value can only be measured in the benefits the business derives from them: a NOC helps ensure uptime of IT services, giving the business the tools and applications it needs to perform at an optimum level; a SOC reduces the likelihood and impact of a security breach, protecting the business's reputation and investor confidence.

As a cost-effective measure, organizations can also outsource the NOC or SOC function to vendors who provide it as a specialized service, on either a dedicated or a shared-service model. Cost is again a major factor in deciding how the services are procured, along with the organization's in-house knowledge and its strategic vision. If the organization wants to grow these competencies internally, a large investment may make sense; if not, outsourcing is likely to be more viable. Open source tools can also be used to meet the organization's requirements; some can be customized, and paid versions can be purchased at minimal cost for the features the organization needs.
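As an added illustration of the baseline check described above (example code written for this page, not the author's or any product's), the script below parses constructed log lines in an assumed `key=value` format, builds a per-host baseline of reboot duration from the earlier observations using the median and median absolute deviation, and flags a reboot that falls outside the tolerance. The log format, host names and thresholds are all assumptions for the example.

```python
"""Baseline-deviation check of the kind a SOC analyst might script.

Added example, not from the original post. The log lines below are
constructed for the example; the format (timestamp, host, key=value
fields) is an assumption, not any product's real log format.
"""
import statistics
from collections import defaultdict

# Constructed sample log lines: reboot durations reported per host.
# app01 normally reboots in about 30 s, then one day takes 45 s.
SAMPLE_LOG = """\
2014-05-01T02:00:00 host=app01 event=reboot_complete duration=30
2014-05-02T02:00:00 host=app01 event=reboot_complete duration=31
2014-05-03T02:00:00 host=app01 event=reboot_complete duration=29
2014-05-04T02:00:00 host=app01 event=reboot_complete duration=30
2014-05-05T02:00:00 host=app01 event=reboot_complete duration=32
2014-05-06T02:00:00 host=app01 event=reboot_complete duration=30
2014-05-07T02:00:00 host=app01 event=reboot_complete duration=45
2014-05-07T02:05:00 host=app01 event=cpu_high value=97
2014-05-01T03:00:00 host=db01 event=reboot_complete duration=60
2014-05-02T03:00:00 host=db01 event=reboot_complete duration=58
2014-05-03T03:00:00 host=db01 event=reboot_complete duration=61
2014-05-04T03:00:00 host=db01 event=reboot_complete duration=62
"""


def parse_log(text):
    """Yield (timestamp, host, fields) per line; skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ts = parts[0]
        fields = {}
        for token in parts[1:]:
            if "=" not in token:
                continue
            key, value = token.split("=", 1)
            fields[key] = value
        if "host" not in fields:
            continue
        yield ts, fields["host"], fields


def reboot_durations(text):
    """Collect (timestamp, seconds) reboot observations per host."""
    per_host = defaultdict(list)
    for ts, host, fields in parse_log(text):
        if fields.get("event") == "reboot_complete" and "duration" in fields:
            try:
                per_host[host].append((ts, float(fields["duration"])))
            except ValueError:
                continue  # malformed duration: ignore rather than crash
    return per_host


def find_anomalies(text, min_baseline=5, k=3.0, floor_sec=5.0):
    """Return [(host, ts, duration, baseline_median)] for deviating reboots.

    Baseline per host: median and MAD (median absolute deviation) of the
    earlier observations only, so a single slow reboot does not inflate
    the baseline it is being judged against. A host is not judged until
    it has min_baseline prior samples. The tolerance is max(k * MAD,
    floor_sec) so that a perfectly steady host does not flag jitter of
    a second or two.
    """
    anomalies = []
    for host, observations in reboot_durations(text).items():
        observations.sort()  # ISO timestamps sort lexicographically
        history = []
        for ts, duration in observations:
            if len(history) >= min_baseline:
                median = statistics.median(history)
                mad = statistics.median(abs(x - median) for x in history)
                tolerance = max(k * mad, floor_sec)
                if abs(duration - median) > tolerance:
                    anomalies.append((host, ts, duration, median))
            history.append(duration)
    return anomalies


if __name__ == "__main__":
    for host, ts, duration, median in find_anomalies(SAMPLE_LOG):
        print(f"{ts} {host}: reboot took {duration:.0f}s, baseline {median:.0f}s")
```

With the constructed data, only the 45-second reboot on `app01` is reported; `db01` has too few observations to be judged, and the `cpu_high` line is ignored because it is not a reboot event. The floor on the tolerance is deliberate: a host whose reboots all take exactly 30 seconds has a MAD of zero, and without a floor any 31-second reboot would page someone.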

NOC and SOC teams have become very important for organizations, ensuring that the business is not impacted by technology threats and that security issues are nipped in the bud. This lets the business perform at an optimum level without having to worry about downtime or the unavailability of critical services.



About Author:
Mohini Bhandari is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at mohini.b@spluspl.com 
