
Enterprises face tough, new reality of cybercrime: It’s not if, but when

theresa

By 2025, it’s estimated that cybercrime will cost the world $10.5 trillion annually—a figure that includes damage and destruction of data; theft of intellectual property, personal and financial data; disruption to business; restoration and deletion of hacked data and systems; and reputational harm.

In the past, some enterprises have taken a “wait and see” approach to cybersecurity, assuming attackers only target large companies or those with obvious financial opportunities to exploit. But as Verizon’s 2021 Data Breach Investigations Report clearly shows, the reality is that attackers don’t fit into a particular profile, and they don’t just attack certain types of companies.

In other words, it’s no longer a matter of if your company will experience a cyberattack but when your company will be attacked.

The business of cyber attacks

The best way for today’s enterprises to view cybersecurity is in terms of business disruption: What will the impact be on your customers, your employees, your vendors and your business prospects when—not if—a cyberattack disrupts your business?

Consider some hard truths about the state of enterprise network security today:

  • Network visibility is severely limited in today’s distributed networks.
  • It’s taking longer for breaches to be discovered—sometimes weeks or months.
  • Attackers can—and do—monetize everything they break into and steal. In fact, 80 percent of attacks in 2020 were financially motivated.
  • It’s increasingly difficult to control network access and/or know for certain who’s on the network and what they’re doing while there.

The enormous increase in vulnerabilities and exploits, coupled with the monetization of everything, means that every enterprise is a target, and legacy threat prevention methods are not adequate against today’s attacks.

Network detection and response: the better solution

These changes make it imperative for enterprises to implement Network Detection and Response (NDR) solutions, which analyze network data in real time and build models using machine learning and other analytical techniques to represent normal network behavior. When anomalous behavior is detected, NDR solutions provide early detection, raising alerts and providing manual or automatic actions that network and security operations teams can use to remediate incidents.
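The baseline-then-alert approach described above, as an added example that is not code from this post or from any NDR product: it models each host's normal outbound volume from flow-style records with a median/MAD baseline and flags intervals that deviate sharply. The record layout, sample data, training window and threshold are all assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (interval, src_ip, dst_ip, dst_port, bytes).
# The field layout is an assumption; real flow exports carry many more fields.
def make_sample_flows():
    flows = []
    for i, b in enumerate([4000, 4200, 3900, 4100, 4300, 4050, 3950, 4150]):
        flows.append((i, "10.0.0.10", "10.0.1.5", 443, b))
        flows.append((i, "10.0.0.11", "10.0.1.5", 443, 900 + 10 * i))
    # Detection window: interval 8 is ordinary, interval 9 holds a large outbound burst.
    flows += [(8, "10.0.0.10", "10.0.1.5", 443, 4100), (8, "10.0.0.11", "10.0.1.5", 443, 950),
              (9, "10.0.0.10", "203.0.113.7", 443, 250000), (9, "10.0.0.11", "10.0.1.5", 443, 960)]
    return flows

def bytes_per_host_interval(flows):
    """Sum outbound bytes per source host per interval."""
    totals = defaultdict(lambda: defaultdict(int))
    for interval, src, _dst, _port, nbytes in flows:
        totals[src][interval] += nbytes
    return totals

def build_baseline(totals, train_end, min_history=5):
    """Model 'normal' per host as (median, MAD) over intervals before train_end."""
    baseline = {}
    for host, series in totals.items():
        train = [v for t, v in series.items() if t < train_end]
        if len(train) < min_history:
            continue  # too little history to call anything abnormal
        med = median(train)
        mad = median([abs(v - med) for v in train])
        baseline[host] = (med, max(mad, 1.0))  # floor avoids division by zero
    return baseline

def detect(flows, train_end, threshold=6.0):
    """Return (host, interval, bytes, score) for intervals far above baseline."""
    totals = bytes_per_host_interval(flows)
    baseline = build_baseline(totals, train_end)
    alerts = []
    for host in sorted(baseline):
        med, mad = baseline[host]
        for t in sorted(t for t in totals[host] if t >= train_end):
            # 0.6745 scales MAD so the score is comparable to a standard z-score.
            score = 0.6745 * (totals[host][t] - med) / mad
            if score > threshold:
                alerts.append((host, t, totals[host][t], round(score, 1)))
    return alerts

if __name__ == "__main__":
    print(detect(make_sample_flows(), train_end=8))
```

Hosts with too little history are skipped rather than scored, which is why a brand-new device needs a separate rule (for example, a first-seen alert) instead of a volume baseline.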

Underscoring the importance of NDR solutions to enterprises, Gartner recommends a number of steps that security and risk managers should take to improve infrastructure security and the detection of suspicious network traffic, including:

  • Implement behavioral-based NDR tools to complement signature-based detection solutions
  • Include NDR-as-a-feature solutions in their evaluations, if they are available from their current security information and event management (SIEM), firewall, or other security vendors
  • Decide early in the evaluation process if they desire automated response versus manual response capabilities

It’s equally important for enterprises to understand the different types of NDR solutions, especially in terms of how traffic is analyzed. While the majority of NDR solutions are packet-based, such solutions have several issues, including high costs, limited network visibility, and a much longer time to value.

In contrast, Plixer’s NDR Platform uses NetFlow data from your existing infrastructure to provide real-time, end-to-end visibility for anomaly detection and correlation, network and application performance, and traffic patterns and trends. A new white paper has been developed to help enterprises better understand the security threats they face, how NDR solutions can mitigate those threats and the different types of NDR solutions on the market. Access your copy of To catch a thief: Network detection & response solutions take center stage in the fight against cybercrime today.