The conventional wisdom about network and security operations has changed. Traditionally, the network operations center (NOC) and security operations center (SOC) largely have worked independently, each focusing on its own tasks, tracking its own data and using its own set of tools. In today’s environment, that is no longer wise.
The problem is that this siloed approach leaves each team working with only limited visibility into the network environment, making it difficult to detect and respond to threats at the scale and speed that agencies require.
“We cannot have one set of folks looking at endpoints, infrastructure [and] devices, and another set of folks looking at that security,” said Vivian Richards, Partner Technical Manager for Public Sector at Splunk.
The siloed approach also makes it more difficult to automate operations, which has become essential. “The growing complexity of cyber threats … requires modern solutions that can provide real-time automated responses,” said Alex Maier, Senior Solutions Engineer at August Shell.
In this video interview, Richards and Maier discuss how to create a blended NOC/SOC environment. Topics include:
- How using automation to tackle increasingly complex tasks can help agencies free up cyber experts to focus on advanced analytics
- Why it is essential to have both the NOC and SOC working with one immutable, unchangeable source of data on the network environment
- How an integrated approach can reduce tool sprawl and enable greater automation and orchestration
Also in this video: In March 2024, Cisco completed its acquisition of Splunk, making it easier for agencies to deploy a unified solution that provides visibility across both security and network operations. To learn more, watch this clip (4:47 min.)
