Network and Security Operations Center: Combining NOC & SOC

By John Maddison | July 03, 2018

If your organization is like most, you are in the middle of radically rethinking your business strategy to address the realities of today’s digital marketplace. And more often than not, this includes redesigning your network infrastructure – something that, until recently, hasn’t really evolved for a long time.

The ongoing requirement to continually adapt your network to the demands of the new digital marketplace has taxed the resources of most IT teams. Systems engineers traditionally focused on managing a core network are now being spread thin developing virtual environments, architecting multi-cloud infrastructures, managing a growing number of endpoints and IoT devices, and keeping an eye on Shadow IT inside the organization.

Many IT professionals now say they often feel overwhelmed, and that they have less of a handle on what’s happening inside the network than ever before. Part of the reason is that network projects are not being approached holistically. Most organizations operate in a fire-fighting mode, resulting in resources being applied only when issues are about to – or already have – become critical.

As a result, development efforts are often siloed. In many organizations, distributed data centers, cloud architectures, IT/OT convergence, rapid consumer and employee application development, and massive IoT implementations are being run as separate projects. More often than not, they are also the domains of completely separate teams inside the organization, each with its own set of network and security technologies being deployed as part of the solution. In such an environment, visibility, control, and security are far too often being traded for expediency.

NOC vs. SOC? They’re actually better together

The challenges of an organically developed and fragmented infrastructure have further enabled an alarming increase in cyber events and data breaches, often in spite of a significant investment in security tools. The issue isn’t that there aren’t security devices in place. The issue is that these solutions almost always operate in isolation, and that security and operations teams rarely have clear and consistent insight into what is happening across the network.

To address this, many organizations have deployed a Network Operations Center (NOC) and a Security Operations Center (SOC) solution to increase visibility, centralize management, and improve control. But even these systems are still far too isolated to address the challenges resulting from today’s hyperconnected and hyperdistributed networks. Even with centralized NOC and SOC solutions in place, the teams running them tend to still be siloed, and as a result are only focused on half of the equation. 

The divide between these approaches, and specifically the data they don’t share, often leaves gaps in the knowledge needed to do either job effectively. Security deployments that don’t have consistent insight into business requirements or operational processes can cripple network performance by placing inefficient or slow security devices in the middle of performance-sensitive workflows or applications. Likewise, network management systems focused exclusively on performance and throughput measurements can leave critical resources vulnerable and exposed.

Closing the gap between NOC and SOC management strategies

Even though a NOC or a SOC consolidates a variety of tools and measurements into a single management system, each is still too isolated. Rather than this siloed approach, what’s needed is a system that can bring security visibility and control into the NOC, and provide operational requirements and network and workflow visibility to the SOC. By combining these systems into a single, holistic solution, organizations can focus on the bigger picture of “secure throughput” that can streamline operations while managing and even anticipating critical security events.

This new approach could also help overworked IT teams operate with the benefit of each other’s perspective and enable organizations to realize a new level of protection and operational management that can simultaneously adapt to network changes. Not only will this added insight allow organizations to see events more clearly, but it also enables the development of effective automation that allows the network to respond to an event at digital speeds without impacting critical business processes.

For example, once a threat is identified, not only would security engineers immediately understand the scope of the threat, with a real-time view of all networked assets, their current state, and who owns them, but the event could also automatically orchestrate an action that leverages both network and security resources. Such an intersection between operations and security will be key for establishing the sort of flexible defensive posture and adaptable risk management strategy required to protect today’s dynamic environments and business operations.

Effective network management should never be restricted to operations-only or security-only perspectives. In today’s complex ecosystem of hyperconnected digital networks, NOC-only or SOC-only techniques are insufficient. A unified approach to secure network operations, on the other hand, effectively mitigates resource constraints while closing the gaps inherent in isolated management strategies.
