Why it makes sense to converge the NOC and SOC

It’s been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It’s worth revisiting the issue.

Why converge?
The arguments for convergence remain pretty compelling:
Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business.
Both are focused on minimizing the effects of events and incidents on the business.
The streams of data they watch overlap hugely.
They often use the same systems (e.g. Splunk) in managing and exploring that data.
Both are focused on root-cause analysis based on those data streams.
Both adopt a tiered response approach, with first-line responders for “business as usual” operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, architects, and analysts.
Most crucially: When something unusual happens in or to the environment (that router is acting funny), it can be very hard to know up front whether it is fundamentally a network issue (that router is acting funny – it has been misconfigured), a security issue (that router is acting funny – it has been compromised), or both (that router is acting funny – it has been misconfigured and is now a serious vulnerability). Having a fully separate NOC and SOC can mean duplicative work as both teams pick something up and examine it. It can mean ping-ponging incidents that bounce from one to the other, or incidents that neither picks up, each thinking the other has or will.

At the very least, the lower tiers of separate NOC and SOC operations should be converged, so that there is neither duplication nor a game of hot potato as staff try to figure out what a problem actually is, and whether the response will be network focused, security focused, or both. Maintaining separate or semi-separate escalation paths is supportable given that lower-level convergence.

Cisco expands its SD-WAN software for wider reach, better security

Cisco has broadened the scope of Cisco SD-WAN software by growing its reach and security, and expanding its support for deploying multi-region WAN fabric.

The idea behind the new features is to help manage the complexity and security of connecting to cloud resources from the edge of the network, said JP Shukla, director, product management, in Cisco’s Enterprise Cloud & SD-WAN group. “They want to connect these users as reliably and securely as these users would be in an office environment,” he said.

IP addressing could support effective network security, but would it be worth it?

Why is it that over 90% of enterprises tell me that they expect to spend more on security over the next three years, and almost 60% say they expect to spend less on networking? We obviously think that network technology is getting more efficient, more competitive. Why isn’t that the case for security? The short answer is that enterprises have been chasing acronyms and not solutions.

Acronym-chasing comes about because, by nature, security is hard to plan for. The average network expert finds out there’s an issue because some higher-up reads or hears about a breach. Maybe they do a quick search, and they find out that what they really need is SASE. Or maybe they need SSE, which we’re told is SASE without SD-WAN. In any event, what happens is that there’s pressure to add this new thing on, and that creates another layer of protection…maybe. Complication and cost? Surely.


Drone demo shows it’s possible to protect 5G-managed devices from DDoS, exfiltration attacks

A demonstration earlier this year at Stanford School of Engineering proved that a small fleet of computer-controlled drones can maintain their flight integrity in the face of continual cyberattacks on the 5G network used to manage the devices, through the deployment of software-defined networking (SDN).

For enterprise IT pros charged with securing devices wirelessly across a 5G network, the drone test results are promising evidence that SDN can help networks under cyberattack recover almost instantaneously.

5 steps for modernizing enterprise networks

The business value of the network has never been higher, and this is driven by digital transformation, as borne out by businesses accelerating their digital initiatives by as much as seven years due to the pandemic. This has had a profound impact on the enterprise network, as most of the enabling technologies such as cloud, mobility and IoT are network centric.

This intense focus on digital transformation has exposed many flaws with legacy networks. They are rigid, require intensive manual processes, and lack the agility and intelligence to meet the demands of digital business. Organizations need to make network modernization a priority if they are to maximize their investments in other technologies. Here are five steps that all businesses should consider when modernizing the network.

10 competitors Cisco just can’t kill off

In compiling this iteration of our list of competitors Cisco can’t kill off, one thing is clear: The competition is fierce amongst the bigger players.

Nearly all the networking giant’s competitors have refreshed their product lines or bought into technology to compete more closely with Cisco. But that’s not to say Cisco has been sitting still by any means.

The company has expanded and refreshed its core Catalyst, Nexus and Silicon One networking gear and made major strides in security and software. Going forward, it wants to lead the industry in network-as-a-service.

Why the cloud will never eat the data center

Sometimes it’s hard to see gradual changes in technology paradigms because they’re gradual. Sometimes it helps to play “Just suppose…” and see where it leads. So, just suppose that the cloud did what some radical thinkers say, and “absorbed the network”. That’s sure an exciting tag line, but is this even possible, and how might it come about?

Companies are already committed to a virtual form of networking for their WAN services, based on VPNs or SD-WAN, rather than building their own WANs from pipes and routers. That was a big step, so what could be happening to make WANs even more virtual, to the point where the cloud could subsume them? It would have to be a data-center change.

How the network can support zero trust

Simply stated, zero trust calls for verifying every user and device that tries to access the network and enforcing strict access control and identity management that limits authorized users to accessing only those resources they need to do their jobs.

Zero trust is an architecture, so there are many potential solutions available, but this is a look at those that fit in the realm of networking.
Least privilege
One broad principle of zero trust is least privilege, which is granting individuals access to just enough resources to carry out their jobs and nothing more. One way to accomplish this is network segmentation, which breaks the network into unconnected sections based on authentication, trust, user role, and topology. If implemented effectively, it can isolate a host on a segment and minimize its lateral or east–west communications, thereby limiting the “blast radius” of collateral damage if a host is compromised. Because hosts and applications can reach only the limited resources they are authorized to access, segmentation prevents attackers from gaining a foothold in the rest of the network.

Tempered Networks simplifies secure network connectivity and microsegmentation

The TCP/IP protocol is the foundation of the internet and pretty much every single network out there. The protocol was designed 45 years ago and was originally created only for connectivity. There’s nothing in the protocol for security, mobility, or trusted authentication.

The fundamental problem with TCP/IP is that the IP address within the protocol represents both the device location and the device identity on a network. This dual functionality of the address lacks the basic mechanisms for security and mobility of devices on a network.

This is one of the reasons networks are so complicated today. To connect to things on a network or over the internet, you need VPNs, firewalls, routers, cell modems, etc., and you have all the configurations that come with ACLs, VLANs, certificates, and so on. The nightmare grows exponentially when you factor in internet of things (IoT) device connectivity and security. It’s all unsustainable at scale.