Good morning (afternoon). Today’s discussion will focus on how to prevent network disruption by proactively identifying and managing Cisco alerts that impact your network devices.
Poll question: How do you track and manage alerts today?
● Review one-off email notifications – review notice & determine impacted devices
● When they open a case with TAC, they find a bulletin addressing the problem
● Cisco support community / industry sites
● No formal process in place
[Recap the manual methods after the audience participates in the poll question]
Here are a few of the manual tracking methods we find today:
● Customers review one-off email notifications
● Alerts are discovered during a TAC call, when they find a bulletin addressing the problem
● Periodic searching on the Cisco support community or industry sites
● In some cases, there isn’t a formal process in place
Typical alerts include:
● Hardware alerts: Hardware end-of-life and end-of-support reminders.
● Software alerts: Software end-of-engineering, end-of-life, and end-of-support reminders.
● PSIRT (Product Security Incident Response Team) alerts: Security advisories, notifications of threats, and vulnerabilities.
● Field notice alerts: Published notifications of significant product issues that typically require an upgrade, workaround, or other action.
What are some of the issues you run into when dealing with alerts?
● Are you getting too many alerts and having trouble knowing if they apply to your network?
● How do you identify devices that have security alerts and/or notifications?
● How do I manage security vulnerabilities?
● Which alerts should we prioritize?
● Do you find managing your alerts to be a labor-intensive process?
Today, we’re going to show you how Smart Net Total Care addresses these challenges.
Introduce Smart Net Total Care
Cisco Smart Net Total Care is a next-generation support service that helps you:
● Automatically maintain a comprehensive and up-to-date view of your Cisco installed base
● Manage your support contracts to see what’s covered, what’s due to expire, and if you have any uncovered devices
● Identify Cisco products that are reaching end-of-life, end-of-sale, or end-of-support
● Easily see what has moved, been added or changed in your network
● Perform network device planning and budgeting activities
And the topic for today’s session…
Easily see the alerts that apply to your network, and which devices are affected.
Here’s what the highly intuitive and customizable SNTC dashboard looks like. As you can see, SNTC quickly delivers actionable information and insights into your network.
We’re going to show how Smart Net Total Care helps you effectively and efficiently manage and track Cisco security, hardware, and software alerts, and Cisco field notices.
● Easily list alerts that apply to your network, and which devices are affected, helping prioritize activity.
● Acknowledge those alerts that have been reviewed or mitigated, providing you with a concise and persistent list of activities and alerts needing attention.
● See which Cisco alerts have been generated, and alert activities associated with your devices, during a specific time period.
Do you have a method for tracking PSIRT or security alerts specific to the equipment on your network?
An important first step in getting the most from your alerts is determining which alerts apply to you and which could put your network at risk. Investing some time in organizing and updating network alerts can make a world of difference.
Prioritizing Alerts: When it comes to prioritizing alerts, every team should have its own set of critical considerations. Here are some important factors that should make the list:
● Security vulnerabilities – these need to be adjusted to your specific environment
● The level of impact on business operations. Does the impacted device affect your service-level agreements?
● Equipment replacement costs
● Device location
● Software and hardware lifecycles – mitigate risk and plan for upgrades to equipment that is no longer supported
Alerts provide a list of hardware and software alerts, PSIRTs, and field notices. Users can drill down to see increasing detail.
Now we see the relevant details of those devices to quickly focus on where attention is needed.
Here you can see more details regarding how the alert works and how your customer can drill down to see affected devices as well as the actual alert text.
Status updates and notes become part of the record for the device.
Example Case Study
Customer challenge: We recently worked with a healthcare organization that was looking for a more efficient way to manage their alerts. Being in a medical environment, security was very important, so they needed a way to ensure vulnerabilities were being addressed. How did they keep track of all of the alerts coming in? They assigned a member of their IT staff to manually review PSIRTs and security advisories. As you can imagine, reviewing every PSIRT manually was a very labor-intensive task. First they had to determine if the alert even applied to their network. If it did, they would then assess the risk level, find the impacted devices, and look up the detail on how to remediate the issue.
When we put Smart Net Total Care in, it became much easier to see and prioritize the PSIRTs based on their environment.
● With a tracking system in place, they were able to confirm alerts were addressed
● Network risk was reduced based on timely alerts and responses
● IT resources were reallocated to more strategic IT initiatives
STAT: Consistent device tracking and up-to-date maintenance reduce the chance of network outages by 40 percent.
Quick Tips for Tracking Alerts
1. Develop a consistent process for reviewing alerts.
2. Prioritize alerts according to your specific business needs.
3. Tag alerts that require action and develop a clear and concise list of actionable alerts.
   ● Flag and comment on alerts: “Action Required”, “Assign to security group to review and complete by X/X”
4. Record how you have responded to each alert: whether you addressed the alert or chose not to address it and why.
   ● Alert drops off after action has been completed
5. Maintain detailed information, so other team members have important background on hand when addressing remediation steps or when TAC support is needed.
   ● Comments, actions taken
6. Use a delta report to keep track of what’s new and what’s been addressed.
To summarize, SNTC helps customers to:
● Preempt network disruption by proactively identifying issues
● Easily determine which alerts apply to their Cisco devices
● Know which alerts are putting their network at risk - prioritize alerts
● View detailed alert information and the recommended actions for remediation
● Track which alerts have already been addressed
● Know which devices in their network are running old versions of software and creating security vulnerabilities
Thanks for your time and attention today. Do you have any questions?
SNTC April 2: Decrease Network Risk with Alert Management Draft v2