Enterprises that run their own IT systems, or rely on service providers to manage those systems for them, normally have several different teams providing network operations, security operations and overall service management. What’s interesting about this approach is that there is often duplication of effort across these groups, with cyber security insights gained in any team other than security falling into an operational void. Let’s look at the justification for conjoined network and security operations teams, as well as the tools and processes they might use to do their job.
Network Ops and Security Ops
Network operations teams manage the health of the enterprise’s network: they look after routers, switches and network quality of service, and troubleshoot connectivity issues when users or systems go offline. The systems used by network operations teams are powerful administrative tools capable of analysing, at the packet level, the data traversing the business’s wired Ethernet networks, Wi-Fi systems and even out to its cloud-connected systems.
The security operations team will look at systems from the perspective of potential compromises and identify possible attacks and patterns of user behaviour that might be indicative of malicious intent. Security analysts monitor tools similar to those of the network team, just looking at the data through a different lens…