NOC vs. SOC: Everything You Need to Know

Network Operations Center (NOC) and Security Operations Center (SOC) services – companies and organizations need both to protect themselves against potential cybersecurity threats while keeping IT infrastructure fully operational.

The SOC and NOC help identify, analyze, prioritize, and resolve issues that may affect the availability and integrity of the information that organizations have. However, their roles are subtly but fundamentally different.

In this article, you’ll learn about the SOC and NOC, and how they complement each other’s functions.

What is NOC?

The NOC’s main job is to establish and maintain the health of an organization’s IT infrastructure, including servers, databases, websites, and virtual machines, and keep the networks up and running at peak efficiency. When there’s an application outage, for example, the NOC’s responsible for troubleshooting the problem to restore normal operations.

The NOC achieves this by keeping track of incidents that affect availability and performance. These incidents may arise as an organization manages, monitors, and controls the networks within their infrastructure to meet service-level agreements (SLAs).

Typically, organizations usually have a dedicated room set up to allow them to monitor and manage problems that may compromise the integrity of their IT infrastructure and lead to company downtime. Unplanned downtime can lead to loss of business but also hurt the reputation of the company.

An NOC is only as good as the personnel that run it. Staff trained in network, application, and systems engineering are required to run a successful NOC.

What is SOC?

Like people, many businesses constantly face the threat of cyber-attacks, such as ransomware, phishing, and spyware. Concerns over data loss and operational interference by criminal elements are legitimate and must be addressed before it’s too late.

Whereas the NOC focuses on performance and availability issues, the SOC concerns itself with incidents and alerts that may lead to loss of information assets and sensitive customer data. It achieves this by monitoring and managing the security health of an organization’s IT infrastructure, including firewalls, access controls, anti-virus, identity management, anti-virus, and more.

Besides monitoring security incidents and responding to them, SOC staff are also responsible for developing and enforcing security policies. These policies help to keep tabs on current and emerging security threats. It’s important to note that each organization is different, so there’s no such thing as the best SOC for all organizations. SOC must be tailored to suit the specific security issues that every organization faces.

NOC vs. SOC: Which is Superior?

Whereas the functions of the NOC and SOC are different, each plays an equally important part in protecting an organization against the possibility of cyber-attacks while keeping IT infrastructure sound and available for use.

Depending on your organization’s security needs, you can either merge these functions or execute them separately. Before choosing one approach over the other, make sure you review the pros and cons of each to determine the best choice for your situation. If you’re unsure about the best way to handle your NOC-SOC functions, talking to an expert in the field can help.

Looking to strengthen up your company’s online security?  Reach out to us today!

Disaster Recovery vs. Business Continuity

Disasters, whether operational or natural, can have serious ramifications for small businesses. Out of every ten small businesses that suffer a disaster, four to six of that figure never recover from the disaster, according to a report prepared by the Federal Emergency Management Agency (FEMA). These numbers underscore why every small business owner must have disaster recovery and business continuity plans in place.

The terms disaster recovery and business continuity are sometimes used interchangeably yet they’re entirely different strategies.

Read along to discover the differences between these two fundamentally different concepts and understand why both are essential for a business’s continued existence.

Business continuity

Many adverse events can disrupt normal business operations. A business continuity plan is a plan of action that a company must follow to survive such events. Before digging deeper into what the plan covers, it’s important to understand the concept of business continuity.

Disasters, such as fire, hurricanes, floods, terrorist attacks, or cyber-attacks are potential threats to normal business operations. When they strike, it’s important for businesses to intervene and quickly resume operations to avoid the risk of shutting down completely. Otherwise, they’ll risk losing customers, business partners, and key members of staff. Business continuity helps cushion against all these undesirable outcomes.

A business continuity plan identifies the critical assets and infrastructure of a business and lays out the strategies that will need to be deployed to protect those assets against damage or loss. Some of the most important items that may be covered include IT components like servers, databases, websites, phones, virtual machines.  It is important to note that non-IT components like human resources, physical assets and documents should be considered in a business continuity plan.

Any entrepreneur with a growth-mindset should have a business continuity plan in place.

Disaster recovery

There’s a general misconception among small business owners that disaster recovery and business continuity mean the same thing. While both help minimize downtime after a disruptive event, they have different purposes.

Disaster recovery mainly focuses on restoring critical information technology infrastructure and business support systems following a crisis. It’s a subcategory of business continuity planning. A disaster recovery plan is primarily concerned with maintaining the security health of a business’ hardware devices, such as desktops, laptops, and wireless devices, as well as software, data, and connectivity.  As with business continuity, every department should have a disaster recovery plan, not just IT.  

The disaster recovery team’s job is to restore operations within the shortest time possible to minimize business downtime. Priorities for recovery of technical operations should match the priorities for recovery of daily business processes and functions.

Disaster recovery and business continuity: Both are essential for business survival

Contrary to the common belief among small business owners that disaster recovery and business continuity are not interchangeable, they’re two different strategies that can be used to help businesses continue operating as a going concern. While disaster recovery is only a subset of business continuity, a business continuity plan is incomplete without it. That said, disasters are a harsh reality of today’s digital business landscape and entrepreneurs must be prepared to survive them when they happen.

Entrepreneurs can always consult industry experts if they need help with creating effective disaster recovery and business continuity plans for their businesses.

 

 

What is Phishing, and How Does it Affect Your Business?

Phishing has been a growing concern for companies over the years. VelocIT partnered with Webroot to host a Security Awareness Training this spring.

In the digital age, there’s a contingent of individuals that understand the nature of phishing. However, most people know the term is associated with email scams, but they don’t understand the nuts and bolts.

This blog will discuss the various nuances of phishing, the typical attributes of such a scam, and how it can hurt businesses.

Delving into Phishing

Phishing emails attempt to acquire sensitive information from recipients and are sent under the guise of being from an above-board organization.

Generally, these messages involve a phony link to the fake company’s “official website,” where the victim would fill in this information. Websites are usually convincing shams, acting as a direct funnel for the info as it travels right to these scammers.

The idea behind phishing is that these scam-artists are drawing in victims with a fake lure, akin to fishing. From there, if the bait is strong enough, the user bites and offers up things such as:

  • Credit card numbers
  • Account numbers
  • Passwords
  • Usernames
  • And more

Here’s what’s necessary to understand about phishing:

Even though most people think they’re too intelligent to fall for a phishing scam, “smarts” don’t have much to do with it. It can happen to anyone.

Who Falls for Phishing Scams?

Interestingly, 86% of Americans (for the most part, mistakenly) believe they know the difference between phishing and non-phishing messages.

Yet 62% of those US citizens have had their info breached and compromised.

Scammers know what they’re doing, preying on human emotions and their sense of urgency. These cybercriminals have a firm grasp of the subtle details needed to disguise emails and know their demographics better than any marketer.

The above fact is why these criminals can target their messaging. It’s a technique known as spear phishing, which establishes trust and familiarity, to fool victims.  

Have you ever been in a hurry and pen a message from your boss without even checking the subject?  The point is you can be tech-savvy and still fall for these ploys, they are created to resemble typical messages from your usual network. 

Phishers tap into the fact that 65% of Americans prioritize emails from their boss. Also, they know that 54% of US citizens look at emails from family or friends. Lastly, 33% will prioritize emails to confirm bank transactions.

How Much Can Phishing Scams Cost Businesses?

The above section discussed how phishing scammers leverage a recipient’s tendency to immediately open emails from their boss.

That’s an example of how phishing scams can harm businesses, and why cyberattacks cost small businesses $53,987, on average. It’s also why employees and leadership throughout organizations must remain eternally vigilant in preventing these crimes.

How VelocIT has vowed to help

We believe that educating users is the number one way to present data breaches.  User error accounts for up to 90% of successful breaches.  By ensuring that your team can recognize and avoid phishing scams you will greatly reduce the likelihood of a cyberattack.

This past month we partnered with Webroot to offer a free Security Awareness Training.   The short educational module provides your team with the tools to identify, stop and prevent phishing and other malicious activities.

“Our Security Awareness Training with Webroot was definitely well-received,” said Mike Bucciero, Vice President of Client Services at VelocIT,  “We’re always looking for ways to offer education and resources to our clients, with everyone stuck at home we figured it was perfect timing”

If your team is interested in beefing up their knowledge on phishing and the threat it poses to your organization, reach out to us and learn more about the Security Awareness Training HERE.

VelocIT Launches Virtual Office, Helps Companies Adapt During Pandemic and Beyond

Technology solution empowers remote teams to work more efficiently

CRANBURY TOWNSHIP, NJ (May 21, 2020) – The COVID-19 pandemic has introduced a new way of working for many teams.  Teams have adapted to working remotely with higher levels of efficiency than expected. As companies across the country adjust to the new normal, VelocIT Virtual Office, a new product from VelocIT, will give business leaders the freedom to quickly enable their mobile workforce with equipment, security, the latest software, and 24/7 IT Support that’s a click or phone call away.

With VelocIT Virtual Office, companies that were spending thousands of dollars in physical office space will now have the option to save money on rent, mortgage, and IT infrastructure by enabling their teams to work from anywhere while maintaining security and efficiency.

“Many companies have realized that their team is just as, if not more, productive working from home. For most of these companies, reducing or eliminating their square footage will save them money, which they can reinvest into their business,” said Darek Hahn, President and CEO of VelocIT. “We’ve taken best in class tools and combined them into VelocIT Virtual Office. It is a one-stop, fully supported, solution for companies that are looking to “unplug” from the traditional office setting.”

Virtual Office is a fully virtual technology solution that gives teams the ability to work from anywhere with no hardware beyond their end-user devices. The basic product bundle includes onboarding, help desk support, email management & security, Microsoft 365 for email, secure email & endpoint backup, antivirus, endpoint encryption, content management, patch management.  Additional services for remote users include, corporate home firewall to separate work from home traffic, Virtual Desktop & Server solutions, extended service hours, virtual phone services.  For those that need to keep a small office place for storage, meetings or touchdown places for employees can also add office network management. For any hardware needed VelocIT can work with a ‘Bring Your Own Device’ option or can setup lease or rent options for companies that do not want to own any hardware.

To learn more about Virtual Office, visit the VelocIT website at velocitmsp.com.

About VelocIT

VelocIT’s unique managed service delivery model builds trust. Our goal is to help you grow your business through IT Leadership. From infrastructure to end-user support, VelocIT partners with you to meet the unique technology needs specific to your business. Our integrated approach to Information Technology Support consistently reduces operational costs while increasing end-user satisfaction for our partners.

Microsoft Teams VS. Zoom

Read our latest White Paper on this Subject.

Both platforms have their unique advantages and disadvantages, and from our experiences and research we’ve determined for most of our clients it actually makes sense to use both.  

In the midst of a shutdown unlike anything we have seen before, video conferencing sites have exploded in popularity.

In the vertical of video conferencing platforms two have distanced themselves from the rest:  Microsoft Teams and Zoom.  It would be remiss not to mention Skype, Google Hangouts, Facetime or OoVoo – all of which are or were at one time popular video chatting services.  In terms of current applications within an American professional organization it is typically a coin flip between Microsoft Teams and Zoom, whose total users jumped from 10 million in December 2019 to 200 million in March 2020.

The two platforms have been thrust into “essential” level status as tools for workplaces and many business leaders aren’t entirely familiar with the options available.

Microsoft Teams comes included with MS Office 365 and integrates quite well within the system, making Teams a suitable option for in-office use and communication.  Microsoft Teams is optimized for secure, internal collaborations.  Calls with Teams can have up to 20 users on at once.  

Zoom, on the other hand, is more of a jack-of-all-trades video conferencing tool that can be used for both internal communication and external personal use.  It can handle up to 49 users on a single call as well as breakout rooms for users to split into smaller groups.  Zoom offers a free service with up to 100 participants however it is limited to 40 minutes per call.  For unlimited calls and webinars the pricing increases starting at $14.99 per host per month.

Zoom made headlines recently due to concerns of security.  Some Zoom encryption keys were generated in China which caused concerns for many users as to who had access to their data.

Another concern with Zoom was the prevalence of so-called “Zoombombers” entering private video conferences at will.  Zoom does in fact have ways to prevent that exact kind of malicious activity and always has; however the default privacy settings on Zoom are set to open instead of closed.  These can be adjusted to give meeting hosts the ability to set up passwords for meetings and review new guests in a waiting room before they are allowed on the call.   Zoom addressed these issues with software updates in April.  We recommend checking your settings in Zoom to make sure that the security measures are up to your company’s standards.  

A reason many organizations use Teams could be out of convenience, as the service comes free along with MS Office 365 and integrates smoothly into company calendars and email accounts which makes scheduling and sharing files a breeze.  Like Zoom, there are waiting rooms and passwords to keep out unwanted guests and keep your data safe.

Companies have unique challenges and needs so there is no blanket answer to which service is better.  If your company is already using MS 365 then you already have Teams to integrate into the rest of the Microsoft apps.  If you are looking to use video conferencing outside of work or are curious to see how Zoom performs then download the free version and give it a try.  At VelocIT we prefer to remain agnostic in regard to our video conferencing tools as our clients use several different platforms.  It’s very commonplace for companies to use Teams internally and Zoom for communicating with clients and vendors.   For the majority of our clients it does make sense to use both to their advantages as the two services compliment each other quite well.

Don’t forget to follow the VelocIT for more updates and other relevant tech laws.

How the EARN IT Act is Threatening End to End Encryption

In the wake of the COVID-19 crisis, anything that doesn’t have much to do with the virus isn’t making news. One such thing is the introduction of the EARN IT act.

So what exactly is the EARN IT act, and why is it such a threat to end-to-end encryption? Let’s take a look.

Before we get any further, let’s make sure we all understand end to end encryption.  End to end encryption is a way of protecting information from 3rd parties.  Simply put, end to end encryption scrambles data from one source or “end” and does not decrypt the message until it reaches the other end.  This protects companies and their data from malicious activity, but it also allows cybercriminals to store and share illegal files and data freely.  That is where the debate on end to end encryption begins, and why the EARN IT act has been proposed.

What is the EARN IT Act?

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, or EARN IT Act, is a bill designed to require tech businesses to take child sexual exploitation with more seriousness. Essentially, the act would create more incentives for businesses to earn liability protection for law violations that relate to online child sexual abuse material or CSAM. According to one of the legislators that introduced the bill, member Dianne Feinstein, companies “must do more to combat this growing problem on their online platforms. Our bill would allow individuals to sue tech companies that don’t take proper steps to prevent online child exploitation, and it’s an important step to protect the most vulnerable among us.”

So what bad could possibly come from this act? Unfortunately, many believe the bill is a thinly-veiled attempt to disrupt end-to-end encryption.

Why is the EARN IT Act Such a Threat?

The EARN IT Act New Jersey bill is a noble cause, but tech experts are wary that the bill could violate free speech and damage security protections on the internet.

The bill itself could be seen as an attempt to chip away at end-to-end encryption by targeting Section 230. Section 230 is a vital part of the Communications Decency Act of 1996, an act that protects free speech by giving tech leaders and companies immunity from liabilities that may be associated with content that is posted on their respective platforms.

The Justice Department has been saying for quite a while that end-to-end encryption presents a roadblock for investigators that need to gather evidence to catch internet criminals. With no compromise in sight, the EARN IT Act seems to be a way to force tech companies to take more responsibility for what is posted on their platforms. Section 230 essentially states that liability falls on individual users, rather than the owner of the platform that user content is posted on. The bill will make it possible to sue tech companies that aren’t taking more steps to prevent child exploitation– which could lead to a widespread end to end-to-end encryption so that tech platforms can protect themselves legally.

What do you think of the EARN IT Act? Do you believe it will help fight online child exploitation or break down end-to-end encryption and internet privacy?

Don’t forget to follow the VelocIT for more updates on the Earn It Act and other relevant tech laws.
Photo source: Pixabay

VelocIT Implements Online Chat and SMS Texting

VelocIT has adopted online “texting” and SMS texting to enhance their client communications

CRANBURY, NEW JERSEY — VelocIT, a New Jersey-based managed service provider and technology partner, announced today new communication methods for their customers.  Not only can customers use the traditional methods of picking up the phone or emailing to contact them for support, VelocIT has implemented Online Chat and SMS Texting to reach a live agent. Channels like online “texting” and SMS texting are great options to communicate with customers making it easier to obtain support.  There are 3.5 billion phones world wide, 96% of Americans currently own a cellphone of some kind and 81% text regularly.  This makes it an excellent option for better communicating with VelocIT clients.

“Obtaining IT support should be simple and quick.  This capability makes it simple and quick.” says Glenn Kupsch, Chief Operating Officer of VelocIT.

Over the course of the next several weeks, VelocIT will be communicating this new communication platform to their existing customers.

Mike Bucciero Promoted to Vice President of Client Services

CRANBURY, NEW JERSEY — VelocIT, a New Jersey-based managed service provider and technology partner, announced the promotion of senior team member, Mike Bucciero, to VP of Client Services. Bucciero joined the company more than 20 years ago as an intern and is excited to take on a new role and get back to more client-facing responsibilities. 

Bucciero started with the company on the ground floor when he joined as an  intern. Through the years he has moved into new roles within the company to  challenge him and force him to grow. As a seasoned professional and veteran employee, Bucciero has reached a level of success and a step on the corporate ladder that he feels will invite him to use his skills to help lead a team of professionals in reaching their potential. 

“I have been at this company for so long because I believe in our team and what we do,” commented Bucciero when asked about his promotion. “I am very excited to get back to playing a more advisory role and continue helping our clients make the best possible decisions when it comes to leveraging technology.”

In his new role, Bucciero will be a more client-facing asset, offering his skills and
expertise to guide clients and help them understand their technology integration
options.

CEO Darek Hahn spoke highly of Bucciero and his ongoing contributions to the
company: “We appreciate Mike’s long-term commitment to the company and all he has given us over the years. He is no stranger to putting in the hard work. And, we truly appreciate his growth and ability to lead internally and work directly with clients.” 

ABOUT VELOCIT

VelocIT’s unique managed service delivery model builds trust. Our goal is to help you grow your business through IT Leadership. From infrastructure to end-user support, VelocIT partners with you to meet the unique technology needs specific to your business. Our integrated approach to Information Technology Support consistently reduces operational costs while increasing end-user satisfaction for our partners.

Virtual Reality and Augmented Reality

Do you have questions about how Virtual Reality and Augmented Reality can enhance your business?

VelocIT has the answers. Contact us today to learn more!

What is Machine Learning?

Do you have questions about Machine Learning and how it affects your day-to-day business?

VelocIT has the answers. Contact us today to learn more!