Making the Case for an IT/OT Security Operations Center (SOC)

With the responsibility to keep their companies ahead of all enterprisewide threats, CIOs or CISOs certainly feel the pressure. Oftentimes these security leaders “grow up” in IT-centered roles, leaving them to feel they’ve got threat detection and response under control.

But, what about the operational technology (OT) side of the company? If operational disruptions or theft of intellectual property aren’t keeping them up at night, they should be. The absence of OT from the digital risk management mix frustrates CEOs and board members alike. That’s because industrial cyber risks continue to increase.

A key part of the solution is simple: an IT/OT SOC. For companies with an existing security operations center (SOC), no matter the model, OT systems can be integrated into the mandate of its existing function. We highly recommend this integrated approach – and the good news is that there is a straightforward way to include industrial threat oversight.


To manage enterprisewide digital risk, many organizations are integrating ICS security supervision into their IT practices, including developing an IT/OT SOC.

Why a Combined Approach to IT/OT SOCs?

A SOC is a team, sometimes working at a dedicated facility, whose primary role is to manage and mitigate cybersecurity threats. This team of security analysts and engineers monitors network and device activity to identify and thwart issues. As a result, they protect the business and its sensitive data, plus ensure compliance with industry and government rules.

SOCs can take many forms – from virtual to co-managed to a dedicated, in-house function. Choosing the right model will depend on a company’s needs and resources. Many companies are opting for a SOC over other options as they strive for more control over security monitoring and how they handle threat mitigation.

But, these SOCs often only include IT systems. As threats to OT systems intensify, there are several key reasons to add in OT and evolve into an integrated, enterprisewide SOC. They include:

  • Faster. By monitoring all systems in a centralized SOC, there’s less risk of communication breakdowns between separate OT and IT teams. You also eliminate the likelihood of incidents being dropped when passed between teams for handling.
  • Cheaper. Instead of having two SOCs – one for IT and one for OT – it’s far more cost-effective to combine the two under one umbrella with shared resources, technology and facilities.
  • Better. To properly protect OT systems, it takes both IT skills and OT knowledge. Many teams find it easier to train IT people on OT sensitivities than to train OT people on IT cybersecurity skills. This is easier to accomplish with a unified SOC.
  • Broader. For full, integrated visibility to threats, an IT/OT SOC delivers the complete situational awareness needed to protect both the business and industrial sides of the organization.

“Organizations with both IT and OT struggle with the coexistence of two separate security and risk management functions. This leads to a dispersed view on the overall operational risk the organization is facing.”


“In a continuously evolving threat landscape, a single established security and risk management function is better-positioned to address these threats across both IT and OT. A single leader of this function can also be held accountable for the organization’s overall digital risk. As an added benefit, scarce security resources can now be deployed to address both IT and OT.”

Gartner, How to Organize Security and Risk Management in a Converged IT/OT Environment, 2017.

Transitioning to an IT / OT SOC – Three Key Considerations

While choosing to move to an enterprise-level SOC is an important choice, it will take time and thought to execute. OT systems come with security challenges that are unique. Meeting OT’s security needs will require a deeper knowledge and understanding by the overarching SOC team.

Before beginning a transition, consider and discuss how to tackle these three critical areas:

  1. Technology – It’s important to ensure that any solutions or software meet OT’s specific requirements and can also integrate seamlessly into the existing IT SOC infrastructure. Both are equally important. A gap on either side will create barriers to a successful transition. This is where Nozomi Networks comes in, with a solution specifically designed to address the needs of IT and OT.
  2. People Resources – An enterprise-level SOC is going to need people who specialize in industrial cybersecurity. These new team members might work out of the company’s dedicated facility, or they could be part of a virtual or extended team. No matter how it’s resourced or staffed, expert industrial and OT knowledge will be a necessity. One way to keep costs down and avoid issues with sourcing quality staff is to keep the team members at one physical location and provide the appropriate cross-training.
  3. Accountability – The only way to truly bring IT and OT together into one SOC is to create a culture of unity, starting from the top down. First, it will be important to have the teams report to one leader – the person ultimately responsible for companywide cyber risk – and to share common goals and KPIs. Then, as teams begin to merge, they should go through exercises to get to know one another and understand the others’ priorities and challenges. The more quickly they can work seamlessly as a team, with speed and agility, the more successful the IT/OT SOC will be at achieving its goals and delivering business value.

Enterprisewide Cyber-Resiliency: The Way Forward

An IT/OT SOC is a forward-thinking way to address and mitigate cyber risks companywide. A combined structure taps into the individual strengths of IT and OT team members, ultimately creating a faster, more comprehensive and more cost-effective approach to digital risk management.

We believe this approach is not just a trend, but the future norm. That’s why Nozomi Networks has an easy and safe solution to help seamlessly integrate OT cyber security and visibility capabilities into IT infrastructure.

If you’d like to see our best-in-class ICS threat detection and monitoring solution in action, and experience how easy it is to work with Nozomi Networks, please contact us for a consultation or demo.

Or, to read further about the trend of IT/OT SOCs, download our complete Executive Brief “Integrating OT into IT/OT SOCs” available below.

Related Content to Download

Download the Executive Brief: “Integrating OT into IT/OT SOCs”

This document explains:

  • How an IT/OT SOC reduces digital risk
  • The challenges of securing OT systems
  • Key considerations for a SOC transition
  • Selecting the right OT Technology
  • Why choose Nozomi Networks

Upcoming Webinar

If you’d like to find out more about selecting OT cyber security technology, don’t miss the webinar:


“Approaching Cybersecurity Vendor Selection in OT Environments”
December 12th, 2018, 11am PT

The post Making the Case for an IT/OT Security Operations Center (SOC) appeared first on Nozomi Networks.

*** This is a Security Bloggers Network syndicated blog from Nozomi Networks authored by Heather MacKenzie. Read the original post at: