The core of a robust Network Operations Center (NOC) lies not just in its technology and operations but in its security posture and certifications. At INOC, we take every opportunity to ensure our clients are fully protected through our internationally-recognized security standards across all areas of our NOC.
This guide briefly covers five essential security requirements that every modern NOC should possess to effectively protect against threats and maintain a high trust level among end users and customers. These aren’t just theoretical best practices; they're the methods that we at INOC implement to maintain the integrity and security of our systems around the clock.
From meticulously managed Access Control (RBAC) to regular security and vulnerability assessments, these safeguards form the frontline defense against potential threats. We'll also touch on our journey in maintaining the ISO certification and how it informs and enhances our security measures.
Interested in learning more about INOC’s security program? Head to our Security & ISO Certification page for a brief overview, or contact us with specific questions.
1. Access Control (RBAC)
A robust NOC needs an efficient access control system, which is realized through the Role-Based Access Control (RBAC) mechanism.
The concept of RBAC is built on the premise that not every individual within the organization requires unrestricted access to all information. Only specific roles need access to particular data sets or systems, and these roles and their associated access levels must be meticulously managed.
At INOC, we maintain an extensive RBAC system. This system encompasses all roles in our organization, including every position and third-party contractors. Alongside these roles, we detail the potential permissions each role may require. The objective is to ensure that access is granted on an 'as-needed' basis, limiting the potential for misuse of sensitive data.
A combination of scripts and approval from our security advisory board helps automate the process of granting access, ensuring the right permissions are provided quickly and efficiently. However, the principle of least privilege remains a cornerstone of our approach. This principle means that each role is allocated only the minimum permissions necessary for its responsibilities, minimizing the risk of unauthorized access.
"We continuously operate on the principle of least permissions—granting only the minimum permissions needed whenever possible."— Rick Smith, VP of Customer Advocacy and ISMS Manager, INOC
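To make the 'as-needed', deny-by-default idea concrete, here is an added Python illustration. It is not INOC's tooling: the role catalogue, the permission names, the sample principals and the `approved_by_board` flag standing in for the advisory-board approval step are all constructed for this example. It resolves a principal's effective permissions from their roles, answers an access check that denies anything not explicitly granted, and reports permissions that are held but never exercised, which is the raw material for a least-privilege review.

```python
"""Role-based access control with deny-by-default and a least-privilege review.

Added illustration for the RBAC section; the roles, permissions and usage
records below are constructed, not a real role catalogue.
"""
from dataclasses import dataclass

# Constructed role catalogue: each role lists only the permissions its duties need.
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "noc_tier1": frozenset({"ticket:read", "ticket:update", "monitor:read"}),
    "noc_tier2": frozenset({"ticket:read", "ticket:update", "monitor:read", "device:reboot"}),
    "contractor_auditor": frozenset({"ticket:read", "monitor:read"}),
    "security_admin": frozenset({"rbac:grant", "siem:read"}),
}


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset[str]


def effective_permissions(p: Principal) -> frozenset[str]:
    """Union of the permissions of every role the principal holds.

    Unknown role names contribute nothing, so a typo in a role assignment
    can never widen access.
    """
    perms: set[str] = set()
    for role in p.roles:
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(perms)


def is_allowed(p: Principal, permission: str) -> bool:
    """Deny by default: access is granted only if some held role carries it."""
    return permission in effective_permissions(p)


def least_privilege_review(p: Principal, used: set[str]) -> frozenset[str]:
    """Return permissions the principal holds but has not exercised.

    `used` is the set of permissions observed in access logs over the review
    period; anything held but unused is a candidate for removal.
    """
    return effective_permissions(p) - used


def grant_role(p: Principal, role: str, approved_by_board: bool) -> Principal:
    """Assign a role only after approval (hypothetical flag standing in for the
    advisory-board step) and only if the role exists in the catalogue."""
    if not approved_by_board:
        raise PermissionError(f"role {role!r} for {p.name} not approved")
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    return Principal(p.name, p.roles | {role})


if __name__ == "__main__":
    bob = Principal("bob", frozenset({"noc_tier1", "contractor_auditor"}))
    print(sorted(effective_permissions(bob)))
    print("unused:", sorted(least_privilege_review(bob, {"ticket:read"})))
```

The review function is the part worth automating: feed it the permissions actually seen in the SIEM for each account over a quarter and the difference is a ready-made list of grants to revoke.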
2. Network Segmentation
Network segmentation is another fundamental aspect of NOC security. It's a process of dividing a network into sub-networks, each being a network segment or network layer. In the context of a NOC, network segmentation can take different forms depending on the level of access required by different users.
At INOC, we employ firewalling for specific databases or systems that should be accessible only by certain roles within the NOC. One prevalent example of this is the creation of guest networks. These networks provide visitors or external users with Wi-Fi access but effectively isolate them from the NOC's internal systems. This separation protects the NOC's internal operations from potential threats that could be inadvertently introduced by guests and adds an additional layer of protection to the NOC's security posture.
"Our guest networks are a simple but critical example of network segmentation in and around the NOC. A guest network grants access to Wi-Fi but separates outside users from internal users, preventing unauthorized persons from accessing internal systems."— Rick Smith, VP of Customer Advocacy and ISMS Manager, INOC
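As an added illustration of segmentation enforced as policy (the segment names, CIDR ranges and rules are constructed for this example and are not INOC's topology), the Python below classifies endpoints into segments by address range and then applies an explicit allow list, so the guest Wi-Fi segment can reach the internet but never the internal server segment. It also includes a small audit that flags any rule which would bridge the guest segment into an internal one, the kind of check worth running whenever the rule set changes.

```python
"""Segment-aware traffic policy: classify hosts into segments by CIDR, then
allow traffic only where an explicit rule exists (default deny).

Added illustration for the network segmentation section; segments, address
ranges and rules are constructed, not a real topology.
"""
import ipaddress
from typing import NamedTuple

# Constructed segments: guest Wi-Fi, NOC operator workstations, internal servers.
SEGMENTS: dict[str, ipaddress.IPv4Network] = {
    "guest_wifi": ipaddress.ip_network("10.200.0.0/16"),
    "noc_ops": ipaddress.ip_network("10.10.0.0/24"),
    "internal_servers": ipaddress.ip_network("10.20.0.0/24"),
}


class Rule(NamedTuple):
    src_segment: str
    dst_segment: str  # "internet" is a pseudo-segment for public destinations
    ports: frozenset[int]


# Explicit allow list; any flow not matched here is dropped.
RULES: list[Rule] = [
    Rule("guest_wifi", "internet", frozenset({80, 443})),
    Rule("noc_ops", "internal_servers", frozenset({22, 5432})),
    Rule("noc_ops", "internet", frozenset({80, 443})),
]


def segment_of(ip: str) -> str:
    """Map an address to its segment; private space outside any defined segment
    gets its own label so it can never satisfy a rule by accident."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unassigned_private" if addr.is_private else "internet"


def is_allowed(src_ip: str, dst_ip: str, dst_port: int, rules: list[Rule] = RULES) -> bool:
    """Default deny: true only if some rule matches source segment, destination
    segment and destination port."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    return any(
        r.src_segment == src and r.dst_segment == dst and dst_port in r.ports
        for r in rules
    )


def audit_guest_isolation(rules: list[Rule]) -> list[str]:
    """Return a description of every rule that lets the guest segment reach a
    defined internal segment; an empty list means guest isolation holds."""
    return [
        f"{r.src_segment}->{r.dst_segment}:{sorted(r.ports)}"
        for r in rules
        if r.src_segment == "guest_wifi" and r.dst_segment in SEGMENTS
    ]


if __name__ == "__main__":
    print("guest -> internal db:", is_allowed("10.200.5.7", "10.20.0.10", 5432))
    print("guest -> web:", is_allowed("10.200.5.7", "93.184.216.34", 443))
    print("audit:", audit_guest_isolation(RULES))
```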
3. Intrusion Detection and Prevention
Securing a NOC involves monitoring all network traffic and data in real time, which requires implementing robust intrusion detection and prevention systems (IDPS). These systems serve as the virtual 'watchdogs' of the network, alerting the team to any abnormal behavior or potential threats.
The IDPS continuously scrutinize the network for any signs of compromise, including cyberattacks or unauthorized intrusions. These systems can also be configured to take corrective action automatically when an anomaly is detected. This function is crucial in maintaining the integrity of the network, especially when handling a volume of data that would be impractical to monitor manually.
"Real-time alerts on any unusual activity or cyberattack attempts are vital to keeping the integrity of our network."— Rick Smith, VP of Customer Advocacy and ISMS Manager, INOC
4. Logging (SIEM)
Effective logging is another essential requirement for a modern NOC, and that's where Security Information and Event Management (SIEM) systems come into play. At INOC, our SIEM system meticulously logs all access attempts and activities within the network.
This process is vital in identifying potential security breaches in real time and taking immediate action to prevent any harmful consequences.
"If somebody is trying to compromise a box, the logs pick that up, and that goes to the SIEM. The SIEM can then alert us and say, 'Hey, someone's trying to break into your box or application.'"— Rick Smith, VP of Customer Advocacy and ISMS Manager, INOC
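The two preceding sections describe the same pipeline from both ends: the host logs record each attempt, the SIEM correlates them, and an alert fires when the pattern looks like someone working on a box. As an added example serving both the intrusion detection and the SIEM sections (not INOC's detection content; the sshd-style log lines, host name and addresses are constructed), the Python below parses syslog-format authentication lines and raises one alert per source address the first time a threshold of failed logins lands inside a sliding time window. A single operator mistyping a password twice over twenty minutes does not trip it; five failures in eight seconds does.

```python
"""Brute-force login detection over syslog-style sshd lines, the kind of
correlation a SIEM performs before alerting the NOC.

Added illustration for the IDPS and SIEM sections; the log sample is
constructed, not a real capture.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in traditional syslog form (no year in the timestamp).
SAMPLE_LOG = """\
Mar 10 02:14:01 noc-bastion sshd[2311]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar 10 02:14:03 noc-bastion sshd[2312]: Failed password for root from 203.0.113.9 port 51023 ssh2
Mar 10 02:14:05 noc-bastion sshd[2313]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 10 02:14:07 noc-bastion sshd[2314]: Failed password for invalid user oracle from 203.0.113.9 port 51025 ssh2
Mar 10 02:14:09 noc-bastion sshd[2315]: Failed password for root from 203.0.113.9 port 51026 ssh2
Mar 10 02:15:40 noc-bastion sshd[2320]: Accepted publickey for rsmith from 10.10.0.5 port 40112 ssh2
Mar 10 02:20:00 noc-bastion sshd[2330]: Failed password for rsmith from 10.10.0.5 port 40113 ssh2
Mar 10 02:40:00 noc-bastion sshd[2331]: Failed password for rsmith from 10.10.0.5 port 40114 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line: str, year: int = 2024):
    """Return (timestamp, source, user, failed) or None for lines that are not
    sshd authentication events. Unrecognised lines are skipped, never counted."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["user"], m["result"].startswith("Failed")


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> list[dict]:
    """Sliding window of failures per source address.

    Emits one alert per source the first time `threshold` failures fall within
    `window`. A successful login does not clear the window: a success right
    after a burst of failures is itself worth seeing.
    """
    recent: dict[str, deque] = defaultdict(deque)
    alerted: set[str] = set()
    alerts: list[dict] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, user, failed = parsed
        if not failed:
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "failures": len(q),
                "users": sorted({u for _, u in q}),
                "last_seen": ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The threshold and window are the tuning knobs a SIEM rule exposes; the `users` field in the alert is what distinguishes password spraying across many accounts from one account under attack, which changes the response.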
5. Routine Security and Vulnerability Assessments
To ensure the safety of our NOC, we conduct regular security audits and vulnerability assessments. These run weekly, using a continually updated service that scans our software and hardware for vulnerabilities. When the scanner detects a vulnerability, it reports the specific software or hardware affected so we can take appropriate action to remediate the issue.
We also conduct annual penetration (PEN) testing of our infrastructure as part of maintaining our ISO certification. These audits involve hiring a third party to attempt to hack our infrastructure, providing us with a clear picture of our potential vulnerabilities.
We also organize quarterly phishing campaigns, where a third-party partner sends fake phishing emails to all our staff to assess their ability to identify and avoid such threats.
On top of that, we insist on regular security awareness training for our staff. We utilize a third party to provide comprehensive content and quizzes, ensuring all our employees understand the potential threats and how to deal with them effectively.
"Regular audits and vulnerability assessments each week ensure no vulnerabilities exist within our software and hardware. Annual PEN testing of all infrastructure is another important way to detect vulnerabilities."— Rick Smith, VP of Customer Advocacy and ISMS Manager, INOC
ISO Certification: 2013 transitioning to updated 2022 standard
Our ISO certification affirms our commitment to maintaining a high standard of security and control. It comprises two main components: Mandatory controls and Annex controls.
The Mandatory controls are the essential criteria that an organization must meet to maintain its certification. Meanwhile, Annex A contains 114 controls for the 2013 ISO certification. If any criteria are not met during an audit, we are given either a minor finding, which we must rectify within 90 days, or a major finding, which must be addressed within 30 days. Occasionally, an auditor may also issue a Request For Information (RFI) as a suggestion for enhancing our operations.
As we transition to the ISO 2022 certification next year, we’ll continue to meet and exceed the stringent requirements, ensuring the safety of our network and the data we handle.
Final Thoughts and Next Steps
To recap these security essentials for the modern NOC:
- A robust NOC requires an efficient RBAC system that meticulously manages access to information. It’s important to ensure that access is granted on an 'as-needed' basis, minimizing potential misuse of sensitive data. Automation, alongside the principle of least privilege, is critical for a quick and efficient access control process.
- Network segmentation is crucial for NOC security. This involves dividing the network into sub-networks, each with different access levels. Firewalls and guest networks provide an extra layer of security, effectively separating internal and external users to prevent potential threats.
- Intrusion detection and prevention systems (IDPS) serve as the virtual 'watchdogs' of the network, providing real-time alerts on any unusual activity or potential threats. Automated corrective action when anomalies are detected helps maintain the network's integrity.
- Effective logging using SIEM systems is essential for identifying potential security breaches in real time and taking immediate action to prevent harmful consequences.
- Regular security audits and vulnerability assessments, including annual PEN testing and quarterly phishing campaigns, help identify and rectify potential vulnerabilities. Continual security awareness training for staff is key to effective threat identification and management.
- ISO certification, comprising mandatory controls and Annex controls, is a clear testament to an organization's commitment to maintaining high security standards. Addressing minor and major audit findings within specified timelines helps meet and exceed the stringent ISO requirements, ensuring network safety and data protection.
Here at INOC, we meet rigorous international standards in ensuring the confidentiality, integrity, and availability of customer data, systems, and infrastructure being monitored and managed by our network operations centers. We’ve built a comprehensive security team that covers staff roles in compliance, technical, and SOC operations to maintain our ISMS.
Our security program includes:
☑️ 7-year background checks, including drug screening
☑️ SOC 2 Type II — Dual primary data centers
☑️ Centralized Access — Secure NOC facilities, KeyCard access
☑️ Complete client separation — Connectivity, Server, Databases, Reporting
☑️ A dedicated security team — Administrative and technical staff
☑️ Security certifications — ISO 27001 certified NOC, NERC CIP compliance (energy), US Privacy Shield, CAS(T) compliant (UK)
In keeping with our standard of technical integrity, we have achieved, and continue to maintain, ISO 27001:2013 certification for our ISMS.
This certification, bestowed on the successful completion of a formal audit process, is evidence that we have met rigorous international standards in ensuring the confidentiality, integrity, and availability of customer data, systems, and infrastructure being monitored and managed by the INOC Network Operations Centers.
The ISO 27001:2013 certification provides all of our clients with the peace of mind of knowing that their data and information are protected.
Have questions about our security posture or want to learn more about building, optimizing, or outsourcing your NOC? Our NOC solutions enable you to meet demanding infrastructure support requirements and gain full control of your technology, support, and operations. Contact us to see how we can help you improve your IT service strategy and NOC support, and be sure to download our free white paper below.