The Virtual NOC Operator, Part I – Using Automation to Keep Your Network Fully Operational


With the current world health crisis forcing more organizations to enable employees to work from home, and industry analysts forecasting a year or more until we return to “normal” (whatever that may actually look like), businesses across the globe are scrambling to minimize disruption as much as possible.

This is impacting NOC staff as much as everyone, perhaps even more so, given that they are used to working in a ‘war-room’ type setting in which everyone is physically present. This will inevitably need to change. Thankfully, technology like IT process automation is here to lessen the blow.

Whether you work in a dedicated Network Operations Center (NOC) or operate something similar as part of a team that processes incoming tickets, you’ve probably already heard about the concept of NOC automation. Perhaps you’ve bought into the idea that this technology will all but eliminate the need for human workers. This isn’t necessarily the case, per se, but it can provide the augmentation and virtual support to not only get your organization through this crisis, but thrive well beyond it.

In part one of our three-part blog series, we’ll be exploring five ways to keep your network fully operational, despite the critical external circumstances we’re all experiencing. Read on to learn more.

Enable Self-Service End-User Support

NOCs and their smaller counterparts handle an incredibly high number of tickets on a daily basis. Logic predicts that the greater the volume of tickets, the more challenging it becomes to do your job effectively. Given the current situation, demand for IT support is through the roof.

With NOC automation, many of the repetitive day-to-day tasks can be shifted to machines and the entire alert process can be streamlined and optimized. Add in the option of self-service automation, which allows the end-user to handle many of their own simple requests, like password resets, and the skilled IT pros are suddenly freed up to apply their time and talent to more mission-critical tasks.

Enhance Communication

When an incident occurs in a busy NOC environment, it’s alarmingly easy for the process to hit a bottleneck or become lost in the shuffle, especially during a worldwide pandemic. The front-line employee may initiate a request immediately, but if that process isn’t managed properly, there’s no telling where it will go from there. NOC automation is specifically designed to streamline the notification and escalation process so that everything moves through the pipeline in a smooth, timely manner.

When IT staff responds to a notification, an automatic follow-up message can be triggered after a pre-defined timeframe. When the problem is resolved, the incident is closed and a recovery notification is distributed. If the problem remains open, an alert is automatically sent to the system administrator for further review and attention. This ensures that the lines of communication always remain open and flowing freely to eliminate costly delays.

Improve Incident Management

When an incident is triggered and a NOC employee is available to handle it, there’s usually no issue. But what happens if that person isn’t available, or doesn’t have the capacity to respond in a timely manner, such as is frequently the case with work-from-home arrangements? The risk of a ticket sitting in limbo is greatly increased without some type of automated strategy in place. When NOC automation is implemented, the incident management process is much more efficient.

When an incident is triggered, the appropriate representative is notified. Here’s where technology really makes a difference. Should that person fail to respond in a specified amount of time, the system automatically escalates the incident to the next person in line, and so on. Furthermore, notifications and responses can be sent in a variety of ways, including email and SMS, which makes the entire process easier.

Better Insight for Improved Best Practices

NOC teams that perform at their best recognize that it requires continuous process improvement to stay a step ahead of the game. This is achieved through detailed, strategic reporting and analysis. Done manually, this can be a bear to perform and is probably at the top of the list of the least enjoyable tasks.

The good news is, NOC automation is capable of enhanced tracking and reporting, which means that the necessary data will be available ad-hoc at the click of a button. Advanced analytics can then be performed to help identify and develop best practices for ongoing success and future improvement.

Escalation to Management or Clients

Depending on the type of service your NOC provides, keeping customers in the loop on the status of incidents may be a requirement. Furthermore, those in leadership roles within your organization, including executive management and possibly even specified shareholders, should be kept abreast of the status of things like significant outages. In either of these cases, figuring out who needs to know what, who will be in charge of spearheading this communication and executing an open dialogue can be a challenging and time-consuming task.

With NOC automation, alerts can be automatically sent to designated parties so they are kept in the loop and workflows can be set up to notify other business stakeholders about critical incidents. Additionally, in-depth reports on incident resolution performance and mean time to repair (MTTR) can be generated to satiate management and keep them in-the-know, reducing the need for follow-ups and manual status reports.

In conclusion, NOC automation is not poised to take over and replace human workers, but rather it is designed to enhance and complement the skilled personnel working within. And at a time when the world is busy trying to navigate through a crisis of epic proportions, relying on technology has never been more important.  


Why Your SOC and NOC Should Run Together but Separately

The similarities between the role of the Network Operation Center (NOC) and Security Operation Center (SOC) often lead to the mistaken idea that one can easily handle the other’s duties. Furthermore, once a company’s security information and event management system is in place, it can seem pointless to spend money on a SOC. So why can’t the NOC just handle both functions? Why should each work separately but in conjunction with one another? Let’s take a look at a few reasons below.

First, their roles are subtly but fundamentally different. While it’s certainly true that both groups are responsible for identifying, investigating, prioritizing and escalating/resolving issues, the types of issues and the impact they have are considerably different. Specifically, the NOC is responsible for handling incidents that affect performance or availability while the SOC handles those incidents that affect the security of information assets. The goal of each is to manage risk; however, the way they accomplish this goal is markedly different.

The NOC’s job is to meet service level agreements (SLAs) and manage incidents in a way that reduces downtime – in other words, a focus on availability and performance. The SOC is measured on their ability to protect intellectual property and sensitive customer data – a focus on security. While both of these things are critically important to the success of an organization, having one handle the other’s duties can spell disaster, mainly because their approaches are so different.

Another reason the NOC and SOC should not be combined is that the skillset required for members of each group is vastly different. A NOC analyst must be proficient in network, application and systems engineering, while SOC analysts require security engineering skills. Furthermore, the very nature of the adversaries that each group battles differs, with the SOC focusing on “intelligent adversaries” and the NOC dealing with naturally occurring system events. These completely different directions result in contrasting solutions which can be extremely difficult for each group to adapt to.

Lastly, the turnover rate in a SOC is much higher than that of a NOC. Perhaps it’s the very nature of the role, but the average employment time for a level 1 SOC analyst is around 2 years or less. Tenure of a NOC analyst is much longer. It only stands to reason, then, that asking a NOC analyst to handle their own duties and also take on those of the SOC will likely result in a much higher attrition rate overall.

The best solution is to respect the subtle yet fundamental differences between these two groups and leverage a quality automation product to link the two, allowing them to collaborate for optimum results. The ideal system is one where the NOC has access to the SIEM, so they can work in close collaboration with the SOC and each can complement the other’s duties. The SOC identifies and analyzes issues, then recommends fixes to the NOC, who analyzes the impact those fixes will have on the organization and then modifies and implements accordingly.









Why You Should Also Automate Your NOC Incident Response

Recently, we shared some compelling reasons why incident management should be the next process you automate. Today, we’d like to take it a step further and offer some insight as to why NOC incident response is also a critical process that can benefit greatly from automation.

These days, many larger organizations employ their own network operations center, or NOC, to help monitor and manage any incidents that may occur across the infrastructure. The NOC team is responsible for making sure systems are running smoothly so that production and efficiency can remain high. The way they achieve this goal is through incident management and response.

When a situation arises, such as a service interruption or some other significant incident, the NOC receives word via their monitoring system. Once they’ve identified an issue, they must initiate an incident response, which will in turn notify the appropriate parties, providing the necessary information so they can begin working to resolve the problem.

Critical issues must be addressed quickly, as any downtime can have a tremendous negative impact on the organization, from lower revenue to lost customers. This puts a lot of pressure on NOC managers to handle any and all incidents with the utmost attention given to quality and turnaround time. The problem comes into play when businesses are still relying on antiquated systems to manage their incident response processes. The result is a huge margin for error and unnecessary delay.

Enter IT process automation. This allows NOC managers to pre-define notification and escalation procedures across multiple shifts and various roles. When incident response is automated, it guarantees that not only will critical alerts reach the right parties, but that they will also be received and handled in the most timely and efficient manner. The element of human error is eliminated, thereby improving the entire process.

IT automation can also add a level of sophistication to the incident response process. With the right automation tool, incidents can be managed remotely from anywhere. Human decisions can also be factored into the procedures as needed, with workflows proceeding as defined and pausing to allow key decision makers to provide instruction and input before continuing on to automated completion. Furthermore, a quality automation solution will also provide full transparency throughout the entire incident management process. This ensures that every critical incident is handled just as it should be.

The ultimate goal of any NOC is to reduce downtime as much as possible. Automating incident response can help cut incident recovery time by up to 90% – a feat that would be nearly impossible without the right technology in your corner. This helps to reduce the impact of system outages and other critical issues, ensuring business resilience and maximizing ROI.

With that said, if your NOC isn’t yet leveraging the power of automation to help optimize your incident response process, your organization is most certainly missing out. The good news is it’s never too late to start!




