Cloak and Dagger: Understanding the Interplay of Network Operation Centers (NOC) and Security Operation Centers (SOC)

Cloak and dagger. That’s my go-to metaphor to explain the difference between a network operations center and a security operations center. The NOC team handles the offensive aspects (neutralizing cyberattacks), while the SOC team handles the defensive aspects of network security (making sure the corporate network functions adequately).

In most organizations, these two departments are typically complementary and tend to weave together their operations more or less seamlessly. Both types of security analysts will work towards establishing a consistent security posture. This will translate into secure and effective network operations across the board – in which cyber threats are swiftly addressed and the network works as intended.

Both the SOC and NOC teams keep an eye on network management and security issues. This encompasses anything from networking malpractices, network monitoring, and network performance to threat detection, threat intelligence, and service support.

So why exactly do you need two separate teams to cover two aspects of the same job?

Simply put, even though both roles are indeed complementary and tightly interwoven, they each require particular skills and either a proactive or a reactive focus. So even though the interplay of these two types of security centers happens routinely, the scope of the responsibilities of each team is actually very different.

To answer this question more clearly, I’ll examine what the NOC module is expected to do compared to the role of security operations. Both of these departments can be outsourced under a NAAS operator-type contract, or they can be run in-house when the data center is managed internally from a centralized location.

What exactly are SOC analysts expected to do?

The main focus of SOC staff is to continuously monitor potential threats to the organization's cyber security. This includes promptly dealing with incidents – preemptively if at all possible, or otherwise as soon as possible.

Once a security breach has been contained, it will typically require making changes to the network to keep it from happening again; that is precisely when the NOC team will be asked to collaborate with the security operations center.

A SOC analyst will tend to deal with software applications related to performance monitoring and troubleshooting.

What is the specific role of a NOC analyst?

The scope of NOC services pertains specifically to networking-related incidents that directly impact the performance and availability of the corporate network and the maintenance of its IT operations center.

The focus of this staff (sometimes also referred to as the Network Management Center) is to keep downtime to a minimum while also supervising, monitoring, and maintaining the health of the computer network used within the organization.

A NOC analyst will usually deal with marketing-related software applications and stay focused on matters of customer experience, as well as ensuring the best possible service quality.

How do the roles of SOC and NOC contrast?

  • If an issue comes up regarding network infrastructure vulnerabilities, that is SOC territory; however, once the incident response is sorted through, then it’s up to the NOC team to ensure it doesn’t happen again.
  • If there’s an incident involving breaches of security that threaten information assets, that’s up to the SOC team to handle; but when those incidents interfere with the performance of the network, those aspects are within the NOC team’s responsibilities.
  • Anything that involves actively protecting the network from cyber-attacks and security threats is up to the SOC team to manage; anything that relates to keeping network operations running smoothly with as little downtime as possible is handled by the NOC team.
  • Anything that involves keeping sensitive organizational data protected is within the scope of SOC, while issues that involve SLAs (service level agreements) are typically handled by NOC people.
  • The specialty of a SOC analyst revolves around security engineering, whereas NOC analysts need to be more fluent in terms of system engineering and all kinds of networking applications.
  • In general terms, SOC focuses on monitoring and maintaining network security and dealing with quality issues, while the NOC module oversees performance-related issues.
  • NOC has an operational function and favors a reactive approach (issues are managed as they occur), while SOC has a strategic role and is expected to have a proactive approach.
Amanda Kremer