NOC & SOC 101 - Do I need them?

No, we’re not talking about Dr. Seuss characters — and while they might sound like they belong in one of the famous author’s whacky worlds, they’re acronyms for two very important additions to your enterprise network’s health: NOC, which stands for Network Operations Center, and SOC, which stands for Security Operations Center.

NOCs - WHAT ARE THEY, AND WHAT DO THEY DO?

It’s best to imagine a NOC as NASA’s Houston command center — that semi-circle of desks in ascending rows, kitted-out with multiple monitors and devices, centered around one large, main screen. Rather than controlling space flight missions, however, NOCs are used as a command center for your business’ network.

A NOC, of course, needn’t be organized in the classic command center fashion — but multi-monitor set-ups and multiple desks are hallmarks of them. This is because the techs and specialists that work in a NOC are tasked with monitoring every system of your network: inbound traffic, outbound connections, server loads, system health, everything. When keeping an eye on all these various systems, screen real estate is important.

While a NOC can help any business’ enterprise ecosystem thrive, they’re incredibly beneficial for companies that operate out of more than one office. NOCs can be used to monitor the entirety of a network — meaning if your business has an office in Dundee, Scotland, and Topeka, Kansas, your NOC will know everything that’s happening at and between the two — and all in real-time.

SOCs - WHAT ARE THEY, AND WHAT DO THEY DO?

Just like a NOC, a SOC is best described as a command center akin to NASA’s Houston. And SOCs are most definitely who you would reach out to when it’s time to say “Houston, we have a problem.”

Very similar in function and appearance to a NOC, SOCs are specialized in maintaining and monitoring security across your enterprise ecosystem. This is achieved in practically the same manner as a NOC would — real-time monitoring of your various systems across your network.

SOCs work best when paired with a NOC — this allows the NOC to handle non-security related aspects on the network, and the SOC to keep all eyes on cyber threats. While working in tandem, NOCs and SOCs will communicate back-and-forth with each other in order to analyze and respond to any incidents or threats that may arise throughout the network.

Your NOC, for example, might notice a quick uptick in inbound traffic denoting increased activity in server access requests, which will then be flagged as suspicious. Your NOC would then communicate concerning the traffic in question to your SOC, which would then analyze the specific inbound requests for any security threat. This allows the NOC to continue monitoring the entire network at full capacity, and gives the SOC the ability to devote 100% of their attention to security threats as they arise.

NOCs and SOCs - DO YOU NEED THEM?

If you’re a SMB that’s already working with a MSP (Managed Service Provider) or MITS (Managed IT Service) that are classified as a fully-managed IT service, you pretty much already have a NOC and SOC working for you. While NOCs and SOCs have been around since the 1980s and the early days of NIST (something we’ll cover in a blog down the line), MSPs and MITS teams are newer to the scene, but function in essentially the same manner.

While there’s a lot of crossover between the two, MSPs and MITS teams can manage multiple networks in real time — they are, however, less specialized when compared to NOCs and SOCs. This is because NOCs and SOCs mainly monitor the situation — when a problem arises, the NOC or SOC will send out a team or specialist to fix the issue — sometimes, that issue can be fixed directly from the NOC or SOC, and other times it requires someone to be on site.

Unless your business is managing multiple networks spread out across different regions that require a high degree of security, your SMB will function completely fine without a NOC or SOC. If your company faces multiple threats daily, or requires a high degree of control over its systems and networks, a NOC or SOC might be right for you.

CONTINUOUS MONITORING ISN’T A NECESSITY, UNTIL IT IS

Once your network reaches a certain size, having eyes 24/7 on the situation becomes a necessary precaution against cyber threats and downed or slow connections. It’s important to remember that not only does a security breach or downed network cause costly interruptions to your daily operations, they also cause customers or clients to become distrustful of your service, and wary of your brand.

A NOC and SOC are just another tool in your belt to help you maintain your network’s health, and therefore your business’ speed, efficiency, and brand reputation.

Patrick Judy
Patrick Judy is an IT Solutions Specialist who originally began working for Cobb in 2010, and after a five year stint in Raleigh, North Carolina, returned to Cobb’s managed IT development department. Patrick specializes in consulting with businesses in order to help grow and maintain their enterprise ecosystems, and when he’s not working, he’s snowboarding (in which he has over 20 years of experience), or spending time with his family.