Solutions like Domotz drastically simplify monitoring and managing networks. But it takes work to do things right. JB Fowler from the Domotz team sat with Pax8 Academy Director James Davis to explain some network monitoring and management best practices.
Here is the summary of it:
- Networking Skills
- Cyber-Hygiene and Segmentation
- Network Management Improvement
- Configuration and Firmware Management
- The Future of Work
- Set Up and Sell Segmentation
- Strategic Value Proposition
The State of Networking Skills
According to JB, service providers understand networking well, but that’s not always enough. There’s always a need to improve your skill set.
One of the biggest challenges is mastering how you handle security frameworks. Many providers fall short because they need to appreciate how much work managing the network infrastructure involves.
Although there are many different frameworks, JB advised starting from the foundations. For instance, the Center for Internet Security’s CIS controls are an excellent best-practice starting point for many frameworks. Of the 18 CIS controls, two in particular merit extra focus:
- Asset Management: Understand all the devices on a network, what they are doing, and how they connect to the network. This includes both infrastructure and user devices.
- Topology Mapping: Chart the interconnections between devices and understand their role in data flows.
Understanding these two aspects is a critical part of security. You must understand what is on the network and how they are connected. Awareness is a key first step in security.
The Need for Cyber-Hygiene and Segmentation
Why are these two controls so important? As James pointed out, networks are becoming increasingly complex, and JB said segmentation is more important than ever. For instance, payment processing, AV, and guest networks should be separate.
However, hackers are continually evolving, and so are networks. MSPs must view the quest for improved cyber-hygiene as a long-term journey. You won’t get there overnight, but you should stay the course and remember that all security frameworks demand continuous effort.
Milestones on the Journey of Network Management Improvement
What goes into a successful improvement journey? JB cautioned against getting lost in the hundreds of opinions and how-to guides on improving your process. While your vendors can offer great pointers, you also need to remember the fundamentals:
Build a Stronger Network Architecture
You need managed switches, firewalls, VLANs, and a good understanding of how to set up an architecture that enforces segmentation by default. You need to keep critical and non-critical systems separated. For example, you have a guest network in your environment. Then, you may have visitors who need to have access to the network, but they should not have access to critical data systems. That is why you need the segmentation mentioned above.
JB highlighted a crucial point with another example. Your network likely connects numerous IoT devices, such as Alexa, soda machines, and Nest products. These should not share your data network because their operations are opaque, and you need more control over these consumer devices. They pose a security risk and thus should be isolated on a separate network from your critical infrastructure to safeguard your main systems.
Similarly, another example is managing AV systems, such as an in-building audio distribution or security cameras, which must also be segregated from your primary business network. These systems, critical to operational security, should be on a different network due to the potential risks they pose. Ensuring they are on a separate network is essential for maintaining the integrity and security of your core business operations.
Increase Visibility Through Monitoring
When new devices appear on your network, you need to understand where and how they’re connected at a glance. You also need to classify them and answer the following:
- What level of risk do they represent to your cyber footprint?
- Where are they connected?
- How are they connected?
- Are they critical to other processes?
As an MSP, you should always know what’s happening in your environment. This awareness takes different forms for distinct kinds of networks and databases, but constant monitoring is critical. Continuous usage oversight lets you get a feel for what’s abnormal.
Example: When managing virtual machines or servers, monitoring their performance metrics – such as CPU, hard disk, and memory usage – provides crucial insights into their efficiency. This data is invaluable for service providers to anticipate and address issues like dwindling disk space or low printer toner, enhancing customer service.
Utilizing a monitoring solution like Domotz can help you be proactive. You can call your client and say, “Hey, it looks like your printer’s toner is running low. It might be a good time to replace it.” Doing so, you can help your client significantly aid in proactively managing and optimizing these resources, ensuring superior service delivery to clients.
Improving your network monitoring can also help you maintain high service quality and provide superior support in complex environments. Being able to interrogate device statuses at any moment makes you a more competitive MSP.
Find here next-gen network monitoring tools and techniques Domotz can provide to help you improve your monitoring.
Visualize Topology in Real Time
How are the devices you manage interconnected? All the way from the endpoint through either Wi-Fi access points or managed switches, up to the primary switching mechanism, through the ISP, and out to the cloud.
Ideally, you’ll be able to look at things graphically and intuitively – no matter what layer you’re viewing, you should have the power to examine specific connections between assets.
Mental mapping may have been fine in the old days, but it’s far harder in modern times. Thanks to the IoT revolution, the number of devices on networks has exploded. While the command line still works for advanced configuration, visual monitoring is the only practical solution to the challenges of working with modern topologies.
But don’t worry, Domotz can help!
What a solution like Domotz can do for you is show you a topology map of all your connected devices in a very graphical form. Plus, it will show how all these devices are connected.
For example, you may discover that a particular endpoint on your network has to traverse through multiple switches and have bandwidth issues, or there may be latency or delays on these systems.
You will gain awareness of the port utilization from a monitoring solution, including how trunk ports or uplink ports are being managed and the bandwidth usage. Additionally, it can identify misconfigurations, such as a security camera plugged into the wrong network segment, broadcasting high-bandwidth video data where it shouldn’t be.
Practically everything is getting connected on the network now. Because of this IoT revolution, the interconnections between your devices matter.
Integrate Configuration and Firmware Management Into Your Process
Hackers commonly target devices based on outdated firmware. Your network management tool should let you monitor firmware and update it as needed, even remotely.
A critical part of Domotz’s functionality includes several key operations:
- Device Interrogation: Initially, Domotz interrogates devices across all customer sites to identify their firmware versions.
- Remote Firmware Updates: It then remotely logs into these systems to perform firmware updates and pushes them accordingly.
- Configuration Management: After updates are made to your network infrastructure, Domotz downloads the configuration to the cloud, storing it in your account. If there are changes to the configuration, whether to the running or the startup configuration, Domotz alerts you of these modifications. This makes it easy to roll back changes and push settings to new devices, saving time when you replace hardware.
Overall, tools like Domotz simplify network infrastructure management and visibility.
Be Ready for the Future of Work
As more people work remotely, businesses are increasingly reliant on cloud services. MSPs must figure out how to ensure secure connections back to business networks.
So the question service providers have is:
“How can I take the endpoints, the laptops people use to work from anywhere, and ensure a secure connection into or back to the home office?”
The answer to this challenge looks different for everyone – from SD-WANs to VPN tunneling, plenty of ways exist to slice the problem. Network monitoring delivering immediate insights is critical in this ecosystem because networks change quickly.
Pointers for Setting up (and Selling) Segmentation
Your service provisioning needs to be repeatable and scalable, and JB observed that one of the keys must be in understanding your segmentation process. Your clients may have unique needs, like AV, CCTV, or IoT networks. There’s no single best practice that suits all business models, so focus on what’s best for you and your customers.
MSPs who provide the most value are fearless in thinking strategically. Chat with your customer about their needs, and adapt your network design process to fit. This is the best way to differentiate yourself.
Security should be one of the first things you discuss with your customers. It’s up to you to explain the value of cybersecurity in ROI terms and position segmentation as a viable way to protect business assets.
JB and James both agreed that scalability is one of the biggest challenges for MSPs. It’s not uncommon for industrial IoT networks to have thousands of devices. You need both the knowledge to scale effectively and the tools to help you complete the journey.
Making a Strategic Value Proposition
It’s essential to know your limits. Remember: letting your customers know you want to bring in a domain expert and monitor their setup isn’t a sign of weakness. It indicates that you’re a mature player.
Conclusion
Frameworks can only solve some things. You need to understand the theory behind them to realize the gains. You also need a healthy appreciation for your current place in the process.
Effective network monitoring tools help you know where you stand and keep up with where your clients’ technology use is heading. This knowledge is essential to continuous improvement, which underpins every modern security framework. Learn more about cultivating the right perspective by trying Domotz today, or check out these best practices for becoming a successful MSP.
Further reading: