Why it makes sense to converge the NOC and SOC

It’s been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It’s worth revisiting the issue.

Why converge?

The arguments for convergence remain pretty compelling:
Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business.
Both are focused on minimizing the effects of events and incidents on the business.
The streams of data they watch overlap hugely.
They often use the same systems (e.g. Splunk) in managing and exploring that data.
Both are focused on root-cause analysis based on those data streams.
Both adopt a tiered response approach, with first-line responders for “business as usual” operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, architects, and analysts.
Most crucially: When something unusual happens in or to the environment (that router is acting funny), it can be very hard to know up front whether it is fundamentally a network issue (that router is acting funny – it has been misconfigured) or a security issue (that router is acting funny – it has been compromised) or both (that router is acting funny – it has been misconfigured and is now a serious vulnerability). Having fully separate NOC and SOC can mean duplicative work as both teams pick something up and examine it. It can mean ping-ponging incidents that bounce from one to the other, or incidents that neither picks up, thinking the other has or will.

At the very least, the lower tiers of separate NOC and SOC operations should be converged, so that there is neither duplication nor a game of hot potato as staff try to figure out what a problem actually is, and whether the response will be network focused, security focused, or both. Maintaining separate or semi-separate escalation paths is supportable given that lower-level convergence.

Why is the transition from SD-WAN to SASE so painful?

The transition from software-defined WAN (SD-WAN) to secure access service edge (SASE) is proving to be difficult for many enterprises, according to new research from Enterprise Management Associates (EMA). If you’re a network or security professional, you’re probably familiar with SASE, a new class of solutions that integrates SD-WAN, secure remote access, and cloud-delivered, multi-function network security. Many enterprises are now evolving their SD-WAN implementations into a SASE solution, either by adopting their SD-WAN providers’ SASE capabilities or integrating their SD-WAN with third-party, cloud-based network security solutions.

Fortinet consolidates SD-WAN and SASE management

Tighter integration between Fortinet’s SASE and SD-WAN offerings is among the new features enabled by the latest version of the company’s core operating system. FortiOS version 7.4 also includes better automation across its Security Fabric environment, and improved management features. FortiOS is the operating system for the FortiGate family hardware and virtual components, and it implements Fortinet Security Fabric and includes firewalling, access control, Zero Trust, and authentication in addition to managing SD-WAN, switching, and wireless services.

Aruba to prioritize SASE, private 5G, data-center networking

Aruba Networks plans to prioritize development of a short list of key networking technologies – including data-center switching, private 5G, and secure access service edge (SASE) – that it finds are top of mind for enterprise customers. Hewlett Packard Enterprise’s network subsidiary is fresh off a successful first quarter that saw revenue climb 31% year over year. Aruba general manager Phil Mottram attributes the record revenue in large part to the company’s Intelligent Edge strategy, which includes technologies to help customers adopt and manage network and application resources.

Extreme adds network fabric support to its SD-WAN

Extreme Networks has added network fabric capabilities to its flagship SD-WAN platform to enable customers to link and manage distributed resources more securely. Additional enhancements to the ExtremeCloud SD-WAN platform include improved automated workflows and direct connectivity to cloud systems such as Microsoft Azure and AWS. “The overarching idea is to help customers more effectively connect distributed sites, especially the smaller branch office, without increasing optical or management overhead,” said Rob Hull, product marketing director at Extreme. “For the smaller sites, especially, with maybe no IT person or few, it gives them the big-site quality-of-service feel and big-site centralized management capability.”

NTT, Palo Alto partner for managed SASE with AIOps

A new offering from IT services provider NTT combines Palo Alto Networks’ Prisma SASE offering with NTT’s managed network services and AIOps infrastructure. SASE – secure access service edge – has been gaining interest for its potential to reduce networking complexity while improving security. It combines SD-WAN with security services, including secure web access gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and firewall-as-a-service (FWaaS), in a single, cloud-delivered service model.

Enterprises turn to single-vendor SASE for ease of manageability

Before the start of the Covid epidemic, a traditional WAN architecture with centralized security worked well for Village Roadshow. “Advanced security inspection services can be applied, firewalls can provide separation, and a demilitarized zone can be implemented,” said Michael Fagan, chief transformation officer at Village Roadshow, the largest theme park owner in Australia. But it required backhauling traffic from remote sites to a data center or hub for security inspection, which can hurt application performance, create a poor user experience, and cost the company in productivity, he said. When the pandemic led the company to transition to a hybrid workforce, with most people working from home or from a remote site, it prompted Village Roadshow to rethink its network and security approach.

Pros and cons of managed SASE

AmerCareRoyal, which provides disposable products for the food service and hospitality industries, is the product of six mergers and acquisitions over the past several years, and its former network security setup couldn’t keep up. Jeff DeSandre, who joined the company as CIO in 2019, wanted an SD-WAN platform that came with more advanced management options and firewalls. After looking at the market, he added threat detection and response capabilities to his wish list. “I was focused on getting our arms quickly around our wide area network and securing our edge, and then making sure that the solution I went with could scale to my long-term roadmap,” he says.

Work from home is here to stay, so how should IT adjust?

The pandemic has changed how we work, probably forever. Most employees with jobs that can be done effectively from home have no intention of returning full time to the office. They find that their work-life balance is much more balanced without the long commutes and constant interruptions that accompany office work. According to a McKinsey/Ipsos survey, 58 percent of American workers had the opportunity to work from home at least one day a week in 2022, while 38 percent were not generally required to be in the office at all.

Looking ahead to the network technologies of 2023

What’s the single most important thing that enterprises should know about networking in 2023? Forget all that speeds-and-feeds crap you hear from vendors. The answer is that networking is now, and forever, linked to business applications, and those applications are linked now to the way that we use the Internet and the cloud. We’re changing how we distribute and deliver business value via networking, and so network technology will inevitably change too, and this is a good time to look at what to expect.

Growth in Internet dependence

First, the Internet is going to get a lot better because it’s going to get a lot more important. It’s not just that the top-end capacities offered will be raised, in many cases above 2 Gbps. Every day, literally, people do more online, and get more interactive, dynamic, interesting, websites to visit and content to consume. Internet availability has been quietly increasing, and in 2023 there will be a significant forward leap there, in large part because people who rely on something get really upset when it’s not working.
