What is a ‘NOC’? What is a ‘SOC’? The Battle of ‘NOCs’ vs. ‘SOCs’…
Noc’ing the Soc’s Off You!!
First of all, I want to preface this by stating and asking, “Why aren’t NOCs and SOCs the same thing???” Just initially hearing what the acronyms stand for alone, and going based off of that, I would think we would want “Network” and “Security” intertwined and treated with a holistic approach. Similar to how security should be “baked in” to software.
NOC–Network Operations Center
A NOC is a Network Operations Center (NOC, pronounced like the work ‘knock’), which can also be referred to as a “network management center”.
It can be one or more locations from which network monitoring and control (i.e. network management) is exercised over a computer, telecommunication or satellite network. NOCs date back to the 1960s with AT&T’s Network Control Centers. [1]
NOCs are implemented by organizations (ranging from enterprise-level private sector, to public utilities, universities and government agencies) that have large and complex networking environments which have high demand and require high availability, or uptime.
SOC–Security Operations Center
A SOC is a Security Operations Center (SOC, pronounced like the work ‘sock’).
A SOC is a “centralized unit that deals with security issues on an organizational and technical level.”
It comprises the three building bocks people, processes, and technology for managing and enhancing an organization’s security posture. Thereby, governance and compliance provide a framework, tying together these building blocks. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology. Typically, SOC is equipped for access monitoring, and controlling of lighting, alarms, and vehicle barrier. [2]
So from the defintion, a SOC seems to cover ALL security, not just digital but even the physical with vehicle barriers.
However, we also have an ‘IT’ SOC or ISOC, an Information Security Operations Center. An ISOC “is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended”. [2]
Shortlist Comparison
- NOC
- Manage, Monitor & Oversee IT Intrastructure
- Incident Response With Minimal Downtime
- SLAs for Response
- System Monitoring, Troubleshooting & Remediation
- Proactive Maintenance
- Data Analysis & Reporting
- Focused on System Health & Performance
- Operations-Based, Ticket & Alert-Driven
- SOC
- Built on Data, Communication, Service & Security (Endpoint & Network)
- Threat & Network Vulnerability Tracking
- Protects & Safeguards Sensitive Information
- Real-Time Detection & Response & Historical Data Access
- Strategic & Proactive Approach [3]
