Modern NOCs should collaborate with SOCs. Why?

An old-fashioned approach to IT

Historically, IT Ops engineers monitored performance and availability issues through dashboards composed of dozens of tools. Just as they were finishing up their last fix, an onslaught of events would arrive across a bunch of unrelated dashboards.

Depending on the issue, it could take several hours or even days to resolve. Across the Ops and service desk teams, it was a day in, day out model. There was no early indication that things were starting to go wrong. There was no way to prevent an impact on users or the business before it started.

Models like this are unsustainable. Fortunately, they are disappearing quickly. According to ServiceNow research, traditional NOCs (network operations centers) are shrinking and, in some cases, disappearing. Now that alerts can be automated and observed better, IT pros do not need to monitor them constantly.

A comparison of NOCs and SOCs

Monitoring and managing endpoints is the responsibility of a NOC service provider. In addition to security-related services like AV/AM management and patch management, this can include some other services.

SOCs, on the other hand, go much deeper into the business of protecting their customers’ data and infrastructure from cybersecurity threats. A security solution can include everything from a basic firewall to SIEM technology. SOC providers look for potential threats on the network, such as anomalous activity, and investigate them. Once a threat is identified, measures can be taken to stop it from gaining traction.

NOC and SOC technicians are both essential to business continuity, so companies need to have them working together.

There is a lot of catching up to do on SOC collaboration in modern NOCs

Palo Alto Networks came on the scene with a fundamentally different approach in 2005, which shook up the cybersecurity landscape. Customers were purchasing a black box for every application and function at the time. Coordination wasn’t possible because the boxes didn’t communicate. As a result, managing them all proved to be a nightmare, and they created vulnerabilities that could be exploited by attackers.

While firewalls were designed for ports and protocols, Palo Alto was able to see applications. This meant that it ranked applications according to their priority. The company’s integrated platform combined multiple applications in one place. It offered greater speed, efficiency, and security than other platforms available. It was a hit with customers.

In the physical security world of today, conditions are similar to those of the mid-2000s when firewalls and networking systems were broken. Whenever we attend a concert or sporting event, we endure an interminable security queue. Then we dump the contents of our packets – which means pockets – into a bucket. Our bags are subjected to deep packet inspection when we have them. 

Then we go through an ancient analog metal detector that can’t tell the difference between a gun and a prosthetic knee. In the worst-case scenario, we will be stopped and patted down. Ticket validity is next, followed by our fight to the seats after going through the security gauntlet. Even though our family has had season tickets, we have to endure this nonsense. How can this be?

In the physical security world, many systems are analog and do not become more intelligent over time. Everything in cybersecurity is digital by default and often enriched with machine learning. Sensors in physical security – such as weapons detectors, video surveillance systems, ticket processing stations, or people counters – operate independently and don’t communicate with one another. 

Additionally, each new system degrades the guest experience as it is stacked serially in a congested environment. The goal of cybersecurity is to keep things moving by parallelizing and auto-scaling integrated systems. Physical security has almost no analytics, no objective risk-scoring methodologies, and the default solution to nearly every problem is “hire more people” or “train the people to do more and remember more.”

As a result of the pandemic, all of these physical security weaknesses have reached the boiling point of sanity. Physical contact and crowded lines are no longer acceptable to guests and employees. As a result, facilities must now screen for weapons, check for elevated temperatures, ensure mask compliance, and ensure social distancing compliance. Those facilities, which are reopening, are finding that adding more people and boxes will not result in progress.

Integrated artificial intelligence-powered platforms can detect multiple threats with multiple sensors in a single scan using touchless technology, which is the future of physical security. This platform will be intelligent, connected, precise, and adaptive, just like modern cybersecurity platforms today. While it is invasive for intruders, it is barely noticed by valued visitors.

Imagine how cool it would be if the same system that detects threats could also process tickets, guide visitors to their seats, and give season ticket holders and other trusted visitors a premium experience. Will we have to cross organizational boundaries to accomplish this? Absolutely! Would we need to reimagine business processes and design them with the visitor experience in mind? Without a doubt! The goal of digital transformation is to improve the visitor experience.

There is a lot of catching up to do in the physical security world in this digital transformation. The network operation center (NOC) and the security operations center (SOC) will eventually be merged when physical security is fully transformed. We’ll know we’re getting there when both the NOC and SOC are in the same room and all occupants are fully aware of all threats, whether they manifest themselves as bits or atoms. The situational awareness of the combined SNOC may even include visitor experience metrics. Both threats and key business results will be considered by risk managers.

A day like that is something we all are looking forward to. It’s time to get started.