After several years of decline, the security operations center (SOC) is back as organizations seek to keep pace with constantly shifting security threats. According to a recent report, almost 90 percent of organizations have implemented a SOC either internally or externally. Unfortunately, the implementation of a SOC doesn’t necessarily equate to improved security — 93 percent of SOC managers admit that they are overwhelmed by security alerts and unable to prioritize potential threats.
The purpose of a SOC is to enhance an organization’s ability to prevent, detect and respond to security incidents by centralizing monitoring and mitigation efforts. SOC personnel use information gathered from a variety of sources to identify, investigate, analyze and manage threats. By aggregating and consolidating security data, a SOC provides security analysts with the context needed to triage threat mitigation and incident response activities.
Many of those same activities fall under the purview of the network operations center (NOC). Organizations that operate both a SOC and a NOC can increase efficiencies and gain greater visibility and control by integrating workflows and analysis.
NOC/SOC integration can also help to bridge the cybersecurity skill gap. In a recent global survey, 66 percent of respondents said they don’t have enough skilled personnel to address current cybersecurity threats. The workforce shortage combined with the complexity of today’s IT environments demands a new approach to security management with integration across multiple disciplines.
Fortinet has introduced a new management and analytics solution that breaks down NOC/SOC silos and automates IT processes and security response. Building on the Fortinet Security Fabric architecture, Fortinet has combined the latest capabilities of FortiManager 6.0, FortiAnalyzer 6.0 and FortiSIEM 5.0 to enable a NOC/SOC approach to management.
- FortiManager, Fortinet’s centralized security management tool, now natively manages FortiAnalyzer, incorporating all data, analysis, control and perspective in a single pane-of-glass view of NOC and SOC operations.
- FortiSIEM brings together the operational context of a full configuration management database, including accurate, up-to-the-minute status on all assets, while proactively searching and adding new assets as they come online.
- A fabric topology within FortiManager and FortiAnalyzer graphically displays a map of current assets, their status and security threats, in both private and public cloud environments.
- A new Security Rating feature combines analytics from FortiGate, FortiAnalyzer and FortiManager with threat intelligence services from FortiGuard to provide a quantifiable security posture.
- New Incident Response tracking capabilities allow users to automate response based on predefined triggers (system events, threat alerts, user and device status) or through direct integration with ServiceNow IT Service Management (ITSM).
The solution coalesces the operational context of the NOC, such as system status, network performance and application availability, with the security insights of the SOC, including the identification and remediation of breaches, data exfiltration and compromised hosts. Once a threat is identified, SOC teams have a real-time view of all assets, their current state and who owns them, allowing them to immediately understand the scope of the threat and automatically orchestrate action to remediate damage.
This intersection of operations and security has become critical for cyber defense and risk management in today’s dynamic business environments. Let Sequel show you how Fortinet’s integrated suite of tools help you maximize the value of your SOC through NOC integration.