Enterprises Can Gain Significant Efficiencies and Increased Effectiveness through NOC/SOC Integration
Approximately 80% of organizations with a security operations center (SOC) also have a network operations center (NOC). While these two groups ultimately serve different functions for an enterprise, significant overlaps do exist, and SOCs and NOCs will typically need to collaborate in the event of an incident or emergency. Yet despite the somewhat symbiotic relationship between the NOC and SOC, only a small percentage of enterprises truly integrate these functions.
Source: Crowley/SANS 2017
Considerations for Creating an Integrated Operations Center
Both NOCs and SOCs have incident response teams, call centers and monitoring. Both centers work hard to assure the integrity and availability of enterprise IT assets. Given this list of redundancies, it would behoove many organizations to consider blending their NOC and SOC into an integrated operations center, or IOC.
A properly constructed IOC creates cohesion on three different levels.
- Organizational: cross-correlation, pattern identification from shared NOC/SOC monitoring tools, triage and collaboration
- System: standard operating procedures, process integration and service level agreements (SLAs)
- Asset: shared use of a common information aggregator that collects all of the pertinent network monitoring data and logs and distributes them through integrated tools and dashboards
The most significant efficiency gains from creating an IOC are typically felt in Tier 1 operations, and they are amplified when automation is strategically applied to highly repetitive processes.
Security Orchestration as the Basis for Enterprise IOCs
Creating a cohesive integrated operations center can be accomplished with a security orchestration platform that acts as the unifying fabric for the NOC and SOC. Applying security orchestration this way brings together the various technologies and processes used by both functions to streamline day-to-day activities, resolve incidents faster and centralize collaboration.
Siemplify’s security orchestration platform enabled Horace Mann to consolidate multiple consoles into one, reduce false positives through automation and incident response orchestration, remove redundant functions in the SOC and NOC, and improve visibility into incident response processes in a way that makes compliance demonstration much easier.
Horace Mann analyst and team lead James Bantner says, “The platform is extremely intuitive, and our analysts love its simplicity and ease of use. It has made our work much easier and more efficient, organizing and streamlining processes as well as creating stronger communication and collaboration.”
The results speak for themselves. Siemplify’s platform helped Horace Mann to eliminate five manual processes, replace eight user interfaces and reduce the time to identify linkages between alerts from a whopping seven hours to a mere five seconds. And Horace Mann’s IOC was recently recognized as the 2018 ISE® North America – Financial Project of the Year Winner.