Skip to content
ManagedNOCby Avalon Web Services

Resources

Practical guidance, no gate, no fluff.

Checklists and articles written by the engineers who run the platform — the same material we use to scope real engagements.

Readiness Checklists

Score yourself before you talk to anyone — including us.

NOC Readiness Checklist

If you can't check most of these, infrastructure problems are finding you — not the other way around.

  • We know within 5 minutes when a critical server or service goes down
  • Disk capacity, certificate expiry, and backup status are checked automatically, not on memory
  • Network devices (firewall, switches, wireless) are monitored, not just servers
  • WAN/ISP and VPN tunnel health is visible per site
  • Alerts go to a defined escalation chain — not a shared inbox nobody owns
  • Alert thresholds have been tuned in the last 6 months
  • Someone reviews infrastructure health trends at least monthly
  • We could show a stakeholder an uptime report for last quarter within an hour

SOC Readiness Checklist

Detection tooling without assigned review isn't a security program — it's an audit finding waiting to be written.

  • A named person (or service) reviews security alerts every business day
  • Risky sign-ins and MFA anomalies in Microsoft 365 are triaged, not just generated
  • Endpoint (EDR/Defender) alerts have a defined response path
  • New mail-forwarding rules and OAuth app consents are monitored
  • Firewall/IPS security events are collected somewhere searchable
  • We have a written escalation plan for a confirmed incident
  • Security incidents are documented with timelines and dispositions
  • We can produce monitoring evidence for an auditor or insurer on request

Buyer Guide

How to evaluate an infrastructure monitoring service.

Whether you talk to us or a competitor, these are the questions that separate a monitoring practice from a notification-forwarding service.

01

Who owns the data?

Ask where metrics and logs are stored, what happens to history if you leave, and whether export is contractual or a favor. Customer-hosted answers this by construction.

02

Who looks at alerts?

Ask for the triage workflow in writing: who verifies an alert, how severity is assigned, and what an escalation actually contains. 'Alerts are forwarded to you' is not a service.

03

What gets tuned, and when?

Untuned monitoring decays into noise within months. Ask how false positives are fed back and whether tuning is included or billed as change requests.

04

What does the monthly report change?

Request a sample report. It should drive decisions — capacity purchases, risk fixes, coverage changes — not restate that the service ran.

05

What's explicitly out of scope?

Good providers name their boundaries: remediation rights, after-hours coverage, forensics. Vague scope becomes a dispute during your first bad week.

06

How does it handle growth?

Ask how pricing moves with device count, sites, and security coverage — before you sign. Per-sensor SaaS metering and flat-scope services age very differently.

Articles

From the practice.

Longer-form writing is being prepared for this section. Topics below reflect what we cover in engagements today — ask us about any of them.

Monitoring

The five outages your users always find before you do

Disk-full, certificate expiry, VPN flaps, backup silent-failures, and DNS drift — why these five keep surprising SMBs and the checks that catch each one days in advance.

Coming soon

Security Operations

Your Microsoft 365 tenant is already generating security alerts. Who reads them?

A walk through the signals a standard Business Premium tenant produces — risky sign-ins, phishing detections, audit anomalies — and a realistic staffing model for reviewing them.

Coming soon

Strategy

Customer-hosted vs. SaaS monitoring: an honest cost comparison

Where per-sensor SaaS pricing crosses over the cost of hosting your own stack, what 'you own the data' means in practice, and when SaaS is actually the right call.

Coming soon

Compliance

What auditors actually accept as 'security monitoring' evidence

Log review attestations, incident records, and monitoring reports — the formats that satisfy HIPAA and SOC 2 requests, and the common evidence mistakes that trigger follow-ups.

Coming soon

Networking

Monitoring multi-site networks without drowning in duplicate alerts

Dependency-aware alerting, site-down detection, and collector placement patterns that keep a 12-site business from receiving 300 pages for one ISP outage.

Coming soon

Tooling

Zabbix, Prometheus, or both? Choosing collectors for mixed environments

A practical decision guide for environments that mix Windows servers, network gear, and containerized workloads — and why the answer is often 'both, deliberately.'

Coming soon

Want one of these topics prioritized — or discussed live on a call? Tell us.

Checklist scores lower than you'd like?

That's the normal starting point. A readiness assessment turns the gaps into a concrete, prioritized plan.