Cisco Blogs

Quick Tips for Tracking Alerts


June 24, 2015

It’s no secret: networks, in general, are more challenging to manage than before.

As networks increase in complexity to embrace new business innovations, they may require more supporting devices, which, in turn, can result in even more alerts to manage.

If you’re a network manager or security officer, what are you going to do?

At Quintiles, they started using Smart Net Total Care to identify devices that might have security vulnerabilities. In the centralized portal, their IT team could easily access information on each type of alert, which is displayed by category or device and contains summary information with a link to the actual alert on Cisco.com.

“In the past, our security team would receive a notification and need detailed data from us to determine our level of risk,” says Wil Bolton, senior network systems engineer for Quintiles. “Now we can be proactive, because we can check the portal and know immediately. We have already completed some critical upgrades based on PSIRT information and can be confident that we are aware of a potential vulnerability.”

So, how are you going to quickly identify risks and network vulnerabilities? How will you reduce time chasing irrelevant alerts, so you have more time to focus on projects you care about?

 

We’ve put together six suggestions to help you better manage your alerts.

1. Develop an Alert Review Process

  • Determine what your main goals are for alert management. For instance, being proactive and reducing the number of problems; simplifying day-to-day operations; or freeing up time for more strategic work.
  • Decide on a regular alert review schedule and follow it.
  • Make sure all team members are involved in the process, understand it and know what they need to do with the information.
  • Establish a timeline for reviewing your results – monthly, quarterly, biannually, etc.
  • Evaluate what’s working and what’s not and make adjustments.

2. Prioritize Alerts by Business Needs

Every team should have its own set of critical considerations for prioritizing alerts. These might include potential security vulnerabilities, business criticality of the device, the service-level agreement (SLA) type, equipment replacement costs, device location, and the software and hardware lifecycle. Additional factors may make your team’s list, but no matter what they are, establishing a predetermined set of factors and a hierarchy of their importance will help your team have a clear view of alert priorities.

3. Tag Alerts

Put your process into action. With a clear, established process, when the main reviewer tags alerts for action, the team knows what steps to take to manage the alert, and the team members can annotate what they did, so there is a reference record.

4. Maintain an Alerts Record

Whether you addressed the alert or chose not to address it, record how you responded and why. Creating a detailed record provides critical context for retrospective analysis. It also maintains a record of which alerts have been addressed for other team members. So when team members are addressing remediation steps or are seeking TAC support, they have important background on hand.

6. Review Alert Status

You should compare the before and after status of your alerts to make sure all your most important items have been addressed. With a detailed report, you can easily keep track of what’s new and what’s been addressed. If you are using Smart Net Total Care, a delta report quickly identifies alerts from a specific time period for your review.

What alert tracking tips have worked for you?
