|
 For this week's giveaway, we've teamed up with Plugable to offer MacRumors readers a chance to win a MacBook Neo and a Plugable ?MacBook Neo? accessory kit that includes the UD-6950PDH USB-C Docking Station, USBC-9IN1E USB-C Hub, and the PS-30C1 30W power adapter.
|
|
 Apple and Meta have opposed a Canadian bill that the companies say could force them to create backdoor access to encrypted user data, should it pass through the country's parliament.
|
|
It's been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It's worth revisiting the issue.
Why converge?
The arguments for convergence remain pretty compelling:
Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business.
Both are focused on minimizing the effects of events and incidents on the business.
The streams of data they watch overlap hugely.
They often use the same systems (e.g. Splunk) in managing and exploring that data.
Both are focused on root-cause analysis based on those data streams.
Both adopt a tiered response approach, with first-line responders for "business as usual" operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, architects, and analysts.
Most crucially: When something unusual happens in or to the environment (that router is acting funny), it can be very hard to know up front whether it is fundamentally a network issue (that router is acting funny - it has been misconfigured) or a security issue (that router is acting funny - it has been compromised) or both (that router is acting funny - it has been misconfigured and is now a serious vulnerability). Having fully separate NOC and SOC can mean duplicative work as both teams pick something up and examine it. It can mean ping-ponging inciden
|
|
