In our work with Network Operations Center (NOC) teams, we have seen a dramatic shift in planning and communication that is being driven primarily by cloud migration. In the past, NOC teams were more likely to operate in their own silo: their work was specific to keeping networks operating and available to the business. The nature of networking is that it includes thousands of devices spread across typically hundreds or even thousands of locations, all of which must work together to deliver connectivity and user experience. NOC teams specialize in understanding this critical ecosystem and often struggle to dedicate cycles to forward-looking requirements and impacts outside of their domain.

With the relentless advances in technology, NOC teams are having to re-think their operations and consider the security implications of new use cases such as cloud migration. Meanwhile, Security Operations Center (SOC) teams are reaching out to NOCs with new policies and recommendations for securing key infrastructure.

In his recent white paper, "Network Automation Provides a Foundation for NetSecOps Convergence," Shamus McGillicuddy, VP of Research, EMA, reports that over 75% of enterprise teams have seen increases in NOC team collaboration with SOC teams in their companies over the last few years. He also reports that the top drivers of increased collaboration include:

  • 81% of companies are building partnerships between NOC and SOC teams in support of public cloud migration
  • 81% of companies are building these partnerships to support and secure people who work from home
  • 79% of organizations are establishing NetSecOps partnerships in support of the Internet of Things (IoT) and edge computing

What do all these use cases have in common? They are disruptive to both NOC and SOC teams. For NOCs, these new use cases put more demand on network availability and performance. For SOCs, these use cases open new security threat planes by sharing access to data and applications outside of the normal company perimeter. On both sides, this is creating the need to communicate and plan in tandem across NOC and SOC teams.

Most typically, planning for NetSecOps partnerships needs to cover these five critical areas:

5 keys to readiness for cloud migration and secure network operations with NetSecOps

  1. Inventory Visibility – Providing a thorough examination of the types and brands of network equipment and software that are running in the network. Automation of this process helps to reveal older and outdated network devices that need to be upgraded and replaced to avoid unnecessary security exposures. It also provides a basis for planning with security teams who view networks as potential entry points for hackers and data exposure.
  2. Configuration and Software Control – Sharing and agreeing on standard configurations for the network, which can be monitored and enforced, is critical to meet policies for controlled access and to enable alerts when unexpected changes or access occur.
  3. ML-based Anomaly Detection – Analysis of network behavior, with alerting on deviations from baseline performance and traffic, is key to detecting threats and responding with remediation that will eliminate exposures. An analyst compares this to detecting event horizons around black holes, which cannot be measured directly but whose presence can be inferred. This detection is a critical part of infrastructure defense as hackers become increasingly sophisticated in their attack methods. In short, as attacks become harder to anticipate and detect directly, indirect detection by observing the effects of the attack becomes a critical approach for NOC teams, enabled best by AIOps and Machine Learning (ML)-based capabilities.
  4. Fault and Performance Monitoring – Taking action to address faults with automated remediation becomes part of the SOC team arsenal, enabling the practical adoption of tougher security standards, especially for large-scale network environments.
  5. Continuous Compliance – Enabling alarms on unexpected changes and access is critical in modern networks. Enforcing policies with automated responses that ensure compliance with SOC team policies across a complex network is also required.

Understanding NOC and SOC team responsibilities

Along with reporting on how NOC and SOC teams collaborate more, Shamus also points out that this type of collaboration is hard. Part of what makes it hard is that NOC and SOC teams use different operating standards and care about different metrics for measuring operations. Let’s compare in the table below:

Table 1. NOC and SOC team operating models and metrics


In a recent conversation we had with a healthcare customer, they described more frequent audits and changes in policy that were flowing from security concerns. For them, the process of determining network changes responsive to policy changes was close to a non-stop concern. In short, aligning NOC teams with SOC priorities is increasing the need for network automation visibility and control.

To explore the growing importance of establishing an effective partnership between NOC and SOC teams, you can download your own personal copy of EMA’s white paper on NetSecOps here.

You can also benefit from attending our on-demand webinar here.