Fortinet: Secure your NOC with AI-driven detection and response
Jon McGettigan, Fortinet ANZ Regional Director, introduces a set of strategies to extend and enhance the security functions of your network operations centre (NOC).
Managing your network has never been easy. Traffic levels fluctuate and users and applications come and go. But now, with the rise of remote workforces and cloud-based services, maintaining visibility and control over the full spectrum of network services is more challenging than ever.
This is especially true if your network relies on a heterogeneous mix of point solutions and hybrid clouds. Indeed, the more complex the network infrastructure, the more difficult it becomes to control network operations and respond to events in a timely manner.
Further, as your network reaches beyond the core, embraces edge computing and expands into the cloud, adversaries have a much broader attack surface to target. Your challenge is to consolidate the visibility and control functions of your NOC (network operations centre) and merge the detect and response functions of your SOC (security operations centre) into a single, integrated fabric that can react in real time to all events, both internal and external.
NOC functions: visibility and control
The role of your NOC is to ensure that all network components orchestrate to provide the service levels that users expect. Each time you roll out a new service, such as a web app or IoT feed, you need to integrate it into your NOC processes to maintain visibility and control.
Part and parcel of NOC functionality are the three As: authentication, authorisation and accounting. You need to control who or what can access the network (authentication), which services they can utilise (authorisation) and what they do during their session (accounting).
The trick is to be able to monitor and control the three As for your entire network, physical or virtual, inside the core, at every edge and into the cloud from a single console or dashboard. Further, you need to be able to detect and respond to any security event anywhere on the extended network before it affects QoS.
Adding SOC capabilities - detection and response - to your NOC processes
Visibility and control are at the heart of your NOC. Detecting and responding to security events is the role of your SOC. Merging their functions reduces risk. The more commonality between the two, the better your chances of avoiding service interruptions.
Maintaining visibility, control, detection and response across heterogeneous point solutions can be problematic. Before you can successfully merge NOC/SOC functions, it is essential to standardise your security services and extend them into every node on the network.
Once you have a standardised security fabric (i.e. an integrated security solution that covers all network components inside your network, at each edge and into the cloud) in place, you'll be able to automate many NOC/SOC functions and provide a framework for coordinated responses to security incidents via SIEM (security information and event management) and SOAR (security orchestration, automation and response).
Further, consistent security services can take advantage of advanced analytics based on Artificial Intelligence to predict where, when and how threats might endanger network operations and pre-empt malicious activity before it causes any damage.
Adding SOC capabilities to your NOC can be achieved in incremental steps, building on your legacy policies and infrastructure. By building a common security framework that extends and enhances your NOC capabilities you can maintain the visibility and control you want whilst adding the detection and mitigation capabilities you need.
About the author
Jon McGettigan is Fortinet's Regional Director for Australia, New Zealand and the Pacific Islands. As such, he is responsible for driving Fortinet's continued expansion in the region through building and maintaining relationships with businesses, partners and staff. As a senior executive, he understands the risks, motivations and opportunities that face enterprises as they transform their networks into 21st century revenue centres.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider and government organisations around the world. Fortinet empowers customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networked, application, multi-cloud or edge environments.
Fortinet ranks #1 in security appliances shipped worldwide, and more than 500,000 customers trust Fortinet to protect their businesses. Both a technology company and a learning organisation, Fortinet runs the Network Security Expert (NSE) Training Institute, which has one of the largest and broadest cybersecurity training programs in the industry. Learn more at the Fortinet website, the Fortinet Blog, or FortiGuard Labs.