Lately, I have been having a lot of conversations with customers about ClearPointe delivering security management services. Over the past few years, cyber attacks and hackings have filled our news, especially when high-profile organizations such as Yahoo, Target and WikiLeaks are affected. These highly exposed attacks legitimize everyone’s concerns, and businesses realize the vulnerability and risk they face. The result is that the IT industry always feels one step behind cyber criminals.
A top concern is how to move from the signature-based “monitor and respond” strategy to one that is more preemptive. This type of sophisticated security management is delivered by a security operations center (SOC). This is very different from the network operations center (NOC) services that ClearPointe delivers.
A NOC is responsible for handling incidents that affect application performance or availability. A SOC handles incidents that affect the security of information assets. Though both a SOC and NOC are involved in risk management, the methods and goals greatly differ.
A NOC’s job is to meet service level agreements (SLAs) and proactively manage incidents in a way that reduces downtime. This results in a focus on availability and performance. At ClearPointe, one of our NOC’s goals is not only to detect potential issues in real time but also to resolve those issues, from detection to remediation, with zero or minimal impact on the client’s business. A SOC is responsible for protecting intellectual property and data, which results in a single focus on security. You can read more about ClearPointe’s NOC here.
There are some similarities between the NOC and SOC, and this often leads to the mistaken idea that one can easily handle the other’s duties. This couldn’t be further from the truth because the roles are fundamentally different. While it is true that both are responsible for identifying, escalating and resolving issues, the types of issues and the impact they have are distinctly different. Both are critical to any business, but combining them and having each deliver the other’s duties can be disastrous because their methodologies and goals are so different.
It is also important to understand that another reason the SOC and NOC should not be combined is that the analysts’ skill sets are so different. A NOC analyst must be skilled in network, application and systems monitoring and management, and a SOC analyst would specialize in security and threat mitigation skills.
NOC services simply cannot be provided by a SOC and vice versa. They each serve a distinct purpose and should not be used as a substitute for the other. As part of our client promise, ClearPointe believes in transparency; therefore, we strive to be very clear on what services we deliver and to provide clarity on the differences between the two operations centers.