Network Detection and Response as an investment: How to calculate the value

This is the final post in a 4-part series of articles by Plixer’s CEO, Jeff Lindholm. Be sure to check out part 1, How to use NDR as a radar system for your network, part 2, Why network metadata analysis is the best initial action to inform security teams, and part 3, Containing a cyberattack: How NDR strengthens your response.

In this blog series, I’ve discussed how Network Detection and Response (NDR) solutions play a critical role in the fight against cyberattacks through detection, analysis, and containment of threats within your network. Security Operations teams rely on tools like NDR to identify and isolate nefarious behavior. Acting as a radar system for your network, NDR systems provide early detection of threats and work with your existing infrastructure to isolate and neutralize them. Still, with the increasing demand on your budget, it can be challenging to figure out how to pay for another security tool.

But that might be the wrong way to think about things. According to the latest Ponemon report, the cost of a data breach has increased by 10% in the last year to an average of $4.24M. And the longer it took to identify and contain the breach, the more it cost. Perhaps most importantly, we’re starting to see a stratification in the costs of a data breach, where organizations with mature deployments of leading-edge security practices like AI and Zero Trust see a reduction in the cost of a breach by as much as 80% over their peers with less mature security practices.

Unfortunately, the overwhelming majority of NDR solutions on the market today are packet-based solutions, which insert probes or other collection agents in key parts of the network to watch as traffic passes. These devices are usually placed in high-value ingress/egress points—similar to a firewall—and they only see traffic as it’s entering or exiting the network, meanwhile leaving the security team blind to the rest of the network. The expense of deploying packet capture capabilities everywhere is prohibitive, forcing enterprises to sacrifice security at the brick wall of budget. Because of this, packets are better suited for forensics, not as a detection platform. In other words, while packet analysis can help with post-event analysis, it won’t do much to help you reduce the cost implications of a data breach.

Plixer’s NDR platform avoids these pitfalls by leveraging metadata to quickly identify signs of anomalous behavior in your network, making it easy for you to spot the bad guys before they can compromise your critical resources. Enterprises concerned with reducing their exposure to—and costs from—breaches would do well to consider Plixer’s capabilities. By reducing the time during which a threat actor can poke around your network, you can limit the damage they cause. And with Plixer’s ability to monitor your Zero Trust policy enforcement, you’ll be alerted to unauthorized activity between segmented environments, an early indication the policy is being violated.

Plixer offers additional value to enterprises that can help justify the budgetary spend. We leverage the most powerful detection sensor available to you and it’s one you’ve already deployed: your network.  In our long history of providing Network Performance Monitoring and Diagnostics, we’ve helped NetOps teams by providing enriched data context of their network traffic to optimize network and application performance and plan for future consumption. With both NetOps and SecOps teams using the same platform, it’s easy to justify the investment.

When network and security teams access information from a shared platform, something unexpected happens. Hidden patterns emerge, anomalies stand out, and the teams start speaking the same language. Important insights become clear, leading to smarter decisions that make the organization safer and more efficient. Plixer has created a powerful platform for analyzing, evaluating, and visualizing the millions of conversations that cross networks every second.