Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Why Network and Security Operations Centers Should be Doing More

Effective Network Management Should Never be Restricted to Operations-only or Security-Only Perspectives.

Effective Network Management Should Never be Restricted to Operations-only or Security-Only Perspectives.

If your organization is like most, you are in the middle of radically rethinking your business strategy to address the realities of today’s digital marketplace. And more often than not, this includes redesigning your networked infrastructure – something that, until recently, hasn’t really evolved for a long time.

The ongoing requirement to continually adapt your network to the demands of the new digital marketplace has taxed the resources of most IT teams. Systems engineers traditionally focused on managing a core network are now being spread thin with developing virtual environments, architecting of multi-cloud infrastructures, managing a growing numbers of endpoint and IoT devices, and keeping an eye on Shadow IT inside the organization. 

Many IT professionals now say they often feel overwhelmed, and that they have less of a handle on what’s happening inside the network than ever before. Part of the reason is that network projects are not being approached holistically. Most organizations operate in a fire-fighting mode, resulting in resources being applied only when issues are about to – or already have – become critical. 

Which means that development efforts are often siloed. In many organizations, distributed data centers, cloud architectures, IT/OT convergence, rapid consumer and employee application development, and massive IoT implementations are being run as separate projects. And more often than not, are the domains of completely separate teams inside the organization, each with their own set of network and security technologies being deployed as part of the solution. In such an environment, visibility, control, and security are far too often being traded for expediency.

Consolidating management

The challenges of an organically developed and fragmented infrastructure have further enabled an alarming increase in cyber events and data breaches, often in spite of a significant investment in security tools. The issue isn’t that there aren’t security devices in place. The issue is that these solutions almost always operate in isolation, and that security and operations teams rarely have clear and consistent insight into what is happening across the network. 

To address this, many organizations have deployed a Network Operations Center (NOC) and a Security Operations Center (SOC) solution to increase visibility, centralize management, and improve control. But even these systems are still far too isolated to address the challenges resulting from today’s hyperconnected and hyperdistributed networks. Even with centralized NOC and SOC solutions in place, the teams running them tend to still be siloed, and as a result are only focused on half of the equation. 

The gaps between these approaches, and specifically, the data they don’t share, often leaves gaps in the knowledge needed to do either job effectively. Security deployments that don’t have consistent insight into business requirements or operational processes can cripple network performance by placing inefficient or slow security devices in the middle of performance-sensitive workflows or applications. Likewise, network management systems focused exclusively on performance and throughput measurements can leave critical resources vulnerable and exposed.

Closing the gap between management strategies

Even though a NOC or a SOC consolidates a variety of tools and measurements into a single management system, they are still too isolated. Rather than this siloed approach, what’s needed is a new approach, with a system that can bring security visibility and control into the NOC, and provide operational requirements and network and workflow visibility to the SOC. By combining these systems into a single, holistic solution organizations can focus on the bigger picture of “secure throughput” that can streamline operations while managing and even anticipating critical security events. 

This new approach could also help overworked IT teams operate with the benefit of the other’s perspective, and enable organizations to realize a new level of protection and operational management that can simultaneously adapt to network changes. Not only will this added insight allow organizations to see events more clearly, but it also enables the development of effective automation that allows the network to respond to an event at digital speeds without impacting critical business processes. 

For example, once a threat is identified, not only would security engineers immediately understand the scope of a threat, including a real-time view of all networked assets, including their current state and who owns them, but the event could also automatically orchestrate an action that leverages both network and security resources. Such an intersection between operations and security will be key for establishing the sort of flexible defensive posture and adaptable risk management strategy required to protect today’s dynamic environments and business operations. 

Effective network management should never be restricted to operations-only or security-only perspectives. In today’s complex ecosystem of hyperconnected digital networks, NOC-only or SOC-only techniques are insufficient. A unified approach to secure network operations, on the other hand, effectively mitigates resource constraints while closing the gaps inherent in isolated management strategies.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...