Differences Between NOC and SOC
➡ In Myanmar, some companies in sectors like banking and telecom have started to implement a NOC (Network Operation Center) and a SOC (Security Operation Center), adopting a strategy of “Monitor and Response”. These security controls can be implemented as insourced or outsourced services. Their mission is to identify, investigate, prioritize and escalate system events happening in the network infrastructure, and to resolve these issues. Today I will discuss the differences between the NOC and the SOC, and the task responsibilities of each center, based on the NOC/SOC Integration paper of the SANS Institute. I will draw the points relevant to this article from that paper.
➡ What is NOC?
The NOC focuses on and monitors network performance and availability. The NOC’s job is to meet service level agreements (SLAs) and to manage incidents in a way that reduces downtime. This covers all technology equipment such as servers, switches, routers, firewalls, device management systems, storage systems, database systems, wireless systems, telecommunication systems, Internet of Things (IoT) devices and any other terminal with an IP address. Typically, the NOC is focused on ISO/OSI layers 1 to 4.
Let’s look at the tasks the NOC handles.
1️⃣ DDoS attacks, power outages and network failures,
2️⃣ Configuring routes on the firewall or routers as black-hole routes when our network is hit by DDoS or malware traffic, or when we do not want our network users to reach specific domains,
3️⃣ Port management (opening and closing ports on the firewall so the network can communicate with outside servers),
4️⃣ Communication with network users when a major incident occurs that impacts network services, and
5️⃣ First-level triage of network change requests; once validated, they are funneled to the correct team.
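As an added example for the black-hole route task in item 2 (not code from the SANS paper or from the original post), here is a small Python helper that takes the source addresses seen in an attack, refuses any that fall inside the organization’s own or private address ranges (a constructed list, since the real ranges are not on this page), aggregates the rest into the fewest prefixes, and emits Linux iproute2 commands for review rather than running them.

```python
import ipaddress

# Ranges that must never be black-holed. Constructed for this example:
# the RFC 1918 private ranges plus a documentation block standing in for
# the organization's own public address space (assumption).
PROTECTED_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("198.51.100.0/24"),  # constructed: "our" block
]

# Constructed sample of sources reported during a DDoS (RFC 5737/3849
# documentation addresses), including two that must be rejected and one
# that is not an address at all.
SAMPLE_SOURCES = [
    "203.0.113.7", "203.0.113.8/31", "203.0.113.0/25",
    "10.0.0.5", "198.51.100.20", "bogus", "2001:db8::1",
]


def plan_blackhole_routes(sources, protected=PROTECTED_PREFIXES):
    """Return (commands, rejected) for a list of attacking IPs or prefixes.

    A source that overlaps a protected prefix is rejected with a reason
    instead of being routed; the accepted ones are collapsed so that
    contained or adjacent prefixes become a single route.
    """
    accepted, rejected = [], []
    for src in sources:
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            rejected.append((src, "not a valid address or prefix"))
            continue
        if any(net.overlaps(p) for p in protected):
            rejected.append((src, "overlaps protected prefix"))
            continue
        accepted.append(net)
    commands = []
    # collapse_addresses only accepts one IP version at a time.
    for version in (4, 6):
        nets = [n for n in accepted if n.version == version]
        for net in ipaddress.collapse_addresses(nets):
            commands.append(f"ip route add blackhole {net}")
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = plan_blackhole_routes(SAMPLE_SOURCES)
    print("\n".join(cmds))
    for src, why in bad:
        print(f"rejected {src}: {why}")
```

The three 203.0.113.x entries collapse into one /25 route, and the two protected addresses are reported back to the operator instead of silently dropping the organization’s own traffic.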
➡ The NOC is usually staffed 24/7 with personnel who continuously monitor for outages, faults, critical events and abnormalities within the network.
➡ What is SOC?
A SOC focuses on handling the incidents and alerts associated with information security in our organization. A SOC may also be called a Computer Security Incident Response Team (CSIRT), Computer Incident Response Team (CIRT), Computer Incident Response Center (CIRC), Cybersecurity Operations Center (CSOC) or Cyber Defense Center. A SOC can be formed internally in our organization, or the organization can take the SOC service externally from a Managed Security Service Provider (MSSP).
The main tasks of a SOC are the following:
1️⃣ Real-time monitoring and triage,
2️⃣ Countermeasure implementation, including firewall blocks, DNS black holes, IP blocks, patch deployment and account deactivation,
3️⃣ Forensic artifact handling and analysis to track the stealthy behaviour of malware, and
4️⃣ The long-term analysis of event feeds, collected malware, and incident data for evidence of malicious or anomalous activity.
➡ The SOC team also runs 24/7 to protect the intellectual property and customer data of our organization. In today’s article, I have discussed the task responsibilities of the NOC and the SOC. In the next article, I will continue with how useful and effective it is for our security defense when we integrate the NOC with the SOC.