Network security: best practices and guidelines.

Network security does not just end when we implement security products or processes. A network is like a living and breathing organism that evolves with time but sometimes breaks down and needs maintenance. Apart from security issues, there are many common issues that can occur, including network connectivity issues, power outages, network crashes and black holes in routing.

Typically a security operations center (SOC) is the center of security monitoring and operations. But at the same time, a network operations center can play a very important role in network resilience and optimal performance. In this section, we will take a look at some of the key attributes of the network operations center.

A network operations center is a central entity for an organization's network monitoring and behavior. This encompasses the technology and processes essential to actively managing and responding to networking-related issues. A typical network operations center consists of engineers and analysts monitoring the network, ensuring smooth operation and ensuring network infrastructure uptime. This includes, but is not limited to, network device, server, application and endpoint monitoring; hardware and software installation concerning network devices; and network analysis, which is discovery and assessments.

Network operations centers often encounter complex networking issues that might need troubleshooting and collaboration between different IT teams to investigate and resolve the issue. To increase the overall effectiveness of a network operations center, organizations focus on a few areas, as discussed in the next subsections.

Proper incident management. This will include identifying an incident, investigating the root cause, resolving the incident and preventing its recurrence to avoid business disruption. For a more evolved look at the best practices for incident management, the organization should review and analyze their adherence to the ideal incident management framework. This includes:

Prioritizing incidents based on their impact, accurately reflecting their current status, and documenting all incidents.

Implementing a streamlined process to ensure the effective handling of incidents that is in line with the organization's policy.

Automating elementary manual iterative tasks and escalations.

Implementing an effective communication mechanism for sharing real-time updates with the required stakeholders.

Integrating third-party applications such as ticketing systems, monitoring dashboards, knowledge bases, threat intelligence and so on to make the analysts more empowered.

Establishing key performance indicators and driving continuous improvement by reporting on them. This helps the organization continuously improve and innovate on its performance metrics and key deliverables such as higher performance quality, lower cost to serve and lower mean time to resolve.

An incident response team should have a hierarchical team structure where each level is accountable and responsible for certain activities. As you can see here:

Tier one analysts. Tier one analysts act as the first point of contact in the incident response process. They are responsible for recording, classification and first-line investigation.

Tier two analysts. Tier two analysts act as an escalation point for Tier one and also act as an SME for deeper investigation and creation of knowledge articles. They are also required to escalate major incidents to Tier three.

Tier three analysts. Tier three analysts act as an escalation point for Tier two and are responsible for restoring an impacted service. They resolve incidents or escalate them to the relevant vendor or team for resolution. They also act as a liaison between internal and vendor teams.

Incident coordinator. The incident coordinator acts as the administrative authority, ensuring that the process is being followed and the quality is maintained. They are responsible for assigning an incident within a group, maintaining communication with the incident manager and providing trend analysis for iterative incidents.

Incident manager. The incident manager manages the entire process until normal service is restored. They are primarily responsible for planning and coordinating activities such as monitoring, resolution and reporting. They act as a point for major escalations, monitor the workload and SLA adherence, conduct incident reviews, provide guidance to the team and ensure continuous improvement and process excellence.

In some organizations there are other roles such as incident assignment group manager and incident process owner, who is accountable for designing, maintaining and improving the process to ensure the efficiency and effectiveness of the service's delivery.