Operation Centers
SOC - Security Operation Center
A Security Operation Center comprises the people, processes and technologies involved in providing situational awareness through the detection, containment, and remediation of IT threats. An SOC manages incidents for the enterprise, ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event), determine whether it is a real, malicious threat (incident), and assess whether it could have a business impact.
SOCs are typically built around a security information and event management (SIEM) system, which aggregates and correlates data from security feeds such as network discovery and vulnerability assessment systems; governance, risk and compliance (GRC) systems; website assessment and monitoring systems; application and database scanners; penetration testing tools; intrusion detection systems (IDS); intrusion prevention systems (IPS); log management systems; network behavior analysis and threat intelligence; wireless intrusion prevention systems; firewalls; enterprise antivirus; and unified threat management (UTM). The SIEM technology creates a “single pane of glass” for the security analysts to monitor the enterprise.
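The aggregation and correlation step described above, and the promotion of events to an incident, can be sketched as follows. This is an added example, not code from any SIEM product: the feed names, sample events, the 5-minute window and the "two distinct feeds on one host" rule are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as if already normalized from three separate feeds.
EVENTS = [
    ("2024-05-01T10:00:05", "ids",       "10.0.0.7", "port scan signature"),
    ("2024-05-01T10:01:40", "firewall",  "10.0.0.7", "outbound connection denied"),
    ("2024-05-01T10:03:10", "antivirus", "10.0.0.7", "malware quarantined"),
    ("2024-05-01T10:20:00", "ids",       "10.0.0.9", "port scan signature"),
    ("2024-05-01T11:30:00", "firewall",  "10.0.0.9", "outbound connection denied"),
    ("2024-05-01T12:00:00", "ids",       "10.0.0.4", "port scan signature"),
    ("2024-05-01T12:01:00", "ids",       "10.0.0.4", "port scan signature"),
]

WINDOW = timedelta(minutes=5)   # assumed correlation window
MIN_FEEDS = 2                   # assumed number of distinct feeds that must agree


def correlate(events, window=WINDOW, min_feeds=MIN_FEEDS):
    """Group events by host and promote them to an incident when at least
    min_feeds distinct feeds report on the same host within the window."""
    by_host = defaultdict(list)
    for ts, feed, host, msg in events:
        by_host[host].append((datetime.fromisoformat(ts), feed, msg))

    incidents = []
    for host, items in sorted(by_host.items()):
        items.sort()
        start = 0
        for end in range(len(items)):
            # Advance the left edge until the span fits inside the window.
            while items[end][0] - items[start][0] > window:
                start += 1
            feeds = {feed for _, feed, _ in items[start:end + 1]}
            if len(feeds) >= min_feeds:
                incidents.append({
                    "host": host,
                    "first_seen": items[start][0].isoformat(),
                    "feeds": sorted(feeds),
                })
                break  # first match per host is enough to open a case
    return incidents


if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

Repeated alerts from a single feed (host 10.0.0.4) and alerts from two feeds that are far apart in time (host 10.0.0.9) stay as events; only host 10.0.0.7 is raised for analyst review.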
NOC - Network Operation Center
NOCs often escalate issues in a hierarchical manner, so if an issue is not resolved in a specific time frame, the next level is informed to speed up problem remediation. NOCs sometimes have multiple tiers of personnel, which define how experienced and/or skilled a NOC technician is. A newly hired NOC technician might be considered a “tier 1”, whereas a technician who has several years of experience may be considered “tier 3” or “tier 4”. As such, some problems are escalated within a NOC before a site technician or other network engineer is contacted.
NOC personnel may perform extra duties. A network with equipment in public areas (such as a mobile network Base Transceiver Station) may be required to have a telephone number attached to the equipment for emergencies. As the NOC may be the only continuously staffed part of the business, these calls will often be answered there.