Managing a DOT’s network and cybersecurity is critical because the network is the nerve center of your organization. Although each organization will have unique requirements, we have laid out the basics of setting up your own Network Operation Centers (NOCs) and/or Security Operation Centers (SOCs).
Many organizations may wonder why an NOC/SOC and staffing structure is needed, but in the end it will save you time and money and keep your network safe. These centers help prevent data breaches and network failures. In addition to proactive prevention, the experts who staff these centers can help manage breach or failure situations, which is arguably more important.
“The next steps [after a network breach] are the most important because they save you from disaster,” Mike Paul, ITS Networking expert, explains.
When a cyber-attack or network failure is handled swiftly, carefully, and by protocol, the damage is minimized.
Who you need
You need a proper team set up to watch your network and troubleshoot areas of concern. One way to organize this department is a three-tier structure:
Tier 1 – Help desk (This is the first individual who would help troubleshoot using standard fixes suggested by a manual.)
Tier 2 – Technical expert (Tier 1 would send this individual problems that they were unable to solve with basic troubleshooting strategies.)
Tier 3 – Developer or system architect (This is the highest level of technical problem solving and would be used for recoding projects or severe system-wide issues.)
This structure can be used for an NOC or SOC, and individuals can be cross-trained to do both to minimize staff costs per tier. Additionally, this staff structure should establish who handles what in the event of a network breach or failure; as we said, the next steps are the most important.
What you need
This kind of high-tech operation needs appropriate equipment. For best SOC/NOC execution, invest in a proper network management system (NMS) and a monitor wall.
An NMS is software that periodically checks devices on the network. The NMS will allow you to see any errors when a device is polled. However, we also recommend setting up “traps” that automatically detect and alert you to specified errors or concerns 24/7, as opposed to solely relying on NMS reports. Without the proper traps in place, if a big breach occurs hours or days before the NMS is next set to poll devices, the hacker could be in your system wreaking havoc without detection.
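The gap between polling and traps can be measured on a timeline. The following is an added example, not code from the article or from any NMS product: the device names, the one-hour poll interval, the fault times and the lost-trap case are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

POLL_INTERVAL = 3600  # seconds between NMS polls (assumed value)

@dataclass
class Fault:
    device: str                # hypothetical device name
    start: int                 # second at which the error condition begins
    end: Optional[int] = None  # second at which it clears on its own; None = persists
    trap_lost: bool = False    # the trap never reached the NMS (dropped in transit)

# Constructed sample timeline, not data from the article.
FAULTS = [
    Fault("cabinet-sw-01", start=600),              # persists until someone fixes it
    Fault("core-fw-01", start=4000, end=4900),      # clears before the next poll
    Fault("cam-rtr-07", start=8000, trap_lost=True),
]

def poll_detect(f, interval=POLL_INTERVAL):
    """Time of the first poll at or after the fault starts, or None if the
    condition has already cleared by then (polling never sees it)."""
    next_poll = -(-f.start // interval) * interval  # round up to the next poll tick
    if f.end is not None and f.end <= next_poll:
        return None
    return next_poll

def trap_detect(f):
    """A trap is pushed by the device when the condition occurs, if it arrives."""
    return None if f.trap_lost else f.start

def detection_delays(faults, interval=POLL_INTERVAL):
    """Per fault: (device, poll-only delay, poll+trap delay); None = never detected."""
    rows = []
    for f in faults:
        poll = poll_detect(f, interval)
        seen = [t for t in (poll, trap_detect(f)) if t is not None]
        rows.append((f.device,
                     None if poll is None else poll - f.start,
                     None if not seen else min(seen) - f.start))
    return rows

if __name__ == "__main__":
    for device, poll_only, combined in detection_delays(FAULTS):
        print(f"{device}: poll-only={poll_only}s, poll+traps={combined}s")
```

The second fault is invisible to polling alone, and the third shows why polling stays in place as a backstop when a trap is lost.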
Having several monitors operating at once ensures full visibility of your network and security. However, the quality of the monitors is more important than you might think.
“You can cheap out on a monitor wall and get a couple TVs from Walmart or Target, but those aren’t meant to be powered on all the time,” Paul explains. “Our Planar systems are special because their power supply is not on the actual monitor. One of the main things that would fail on a monitor wall is the power supply, but our power supply is in the rack, not in the display, so you don’t have to take apart the display to fix a power supply issue.”
Another consideration when purchasing a monitor wall is how many areas need to be monitored. For example, one of the displays we sell has 10 available windows, which means if you had 25 areas to watch, you would need 3 displays. We use displays in our scenarios because they are meant to be on 24/7 with no screen burn-in.
In addition to improving your overall network and security, establishing an NOC or SOC will improve your uptime and quality of service. The best people coupled with the best equipment can go a long way.