cPacket NOC–SOC Convergence: Compliance

At Security Field Day 13, cPacket explored how Network Observability empowers SecOps teams to elevate their threat detection and response. In this session, they shifted the lens to NetOps, examining the growing convergence between NOC (Network Operations Center) and SOC (Security Operations Center) workflows. As performance and security become inseparable in hybrid and zero-trust environments, NetOps teams must adopt tools and practices that support both operational resilience and threat visibility. cPacket demonstrated how packet-based observability bridges this gap, enabling NetOps to detect lateral movement, validate policy compliance, and collaborate more effectively with security teams through shared context and real-time data. They emphasized that security is a top concern for all organizations, and the network provides crucial insights to surface issues like malware and vulnerabilities.

Ron Nevo explained how cPacket’s solution empowers NetOps to contribute significantly to the organization’s security posture. Their Deep Packet Inspection (DPI) engine extracts relevant information from every session, including DNS queries and HTTPS queries, even from encrypted traffic (e.g., domain names, TLS certificate validity). This raw data can be used to generate dashboards and reports that feed into security tools. A compelling demonstration involved using an LLM (Large Language Model) to prompt the system to generate a Grafana dashboard tailored to specific HIPAA regulations. This highlights the platform’s ability to create customized compliance reports without requiring deep knowledge of the underlying visualization tools, extending the reach of network observability for security and auditing purposes.

The discussion acknowledged that while AI can create sophisticated reports and highlight suspicious activities (e.g., identifying suspicious domain names by filtering out known benign traffic), human expertise remains crucial for validation and full compliance. The goal is not to replace human operators but to provide them with powerful tools that streamline data analysis, automate report generation, and surface critical insights. By integrating network insights directly into SOC tools and workflows, cPacket enables proactive detection of anomalies and alerts, strengthening the overall security posture and fostering better collaboration between network and security teams. The ultimate aim is to provide the right data to the right person or tool at the right time, enhancing the ability to respond to and prevent security incidents.