I was just reading this article
by Kelly Jackson Higgins at Dark Reading about companies converging
NOCs and SOCs. While the article's topic was very interesting, one
quote hit me in particular:
"But that doesn't mean the NOC and SOC will completely
merge. In fact, security analysts say you need a healthy separation
between some duties, especially where security policy implementation
and auditing is concerned."
While I agree with this premise of separation of duties of
network people and security people, it made me think along another
tangent (surprise, surprise). So many people are talking about
security and network convergence now. Security is moving more and more
into the edge (the edge is still there, people!). UTMs and NAC are all
the rage. Non-security companies are snapping up small security
companies (EMC, Citrix, etc.). The stuff is coming together, and
security is the central focus of it all.
Read the full post by Michael R. Farnum.

More and more people are moving to ITIL's idea of managing security. This means having your security team manage risk, write policy, and monitor compliance. The entire IT department is your security implementors. This requires education and tools for support, networking, and development to identify and mitigate security threats. I would like to mention that I have been helping IT companies merge their SOC and NOC for about a year now using IBM Tivoli Security Operations Manager. It's really cool to see the rag-tag security team being integrated into the corporate fold.