Forrester: Network Analysis and Visibility are Essential

Many organizations are embracing the zero trust security model to implement a comprehensive approach to cybersecurity, but to achieve a zero trust security stance, they must deploy a network analysis and visibility (NAV) solution, according to a leading technology research firm.

NAV solutions, sometimes called network detection and response or NDR solutions, are essential for creating a robust and effective zero trust architecture, says a new Forrester report, “The Network Analysis And Visibility Landscape, Q1 2023.”

Zero trust security “...assumes that networks are inherently untrusted,” and thus “requires visibility into and analysis of internal network traffic,” the report says.

While other security tools are required for a zero trust architecture, NAV solutions are unique in the zero trust landscape, Forrester says. NAV tools provide intelligence on and visibility into “...all aspects of the network, down to the endpoint and into the cloud,” according to the report, which recognizes ExtraHop as a notable provider of NAV solutions.

Extending Network Awareness

Even though zero trust security calls for network monitoring, many companies have historically ignored their internal networks as avenues for cyberattacks, Forrester notes. Cybercriminals have taken advantage of this lack of security awareness to prowl and camp out inside corporate networks.

The result of this oversight can be disastrous. When attackers can move freely and undetected on your network, they can gain access to privileged systems, install ransomware or other malware, and steal your company’s data.

NAV or NDR solutions track and stop attacks before they can do major damage to a company. NAV solutions allow security teams to find abnormal and malicious behavior that can sneak past other cybersecurity tools, particularly when attackers encrypt their activity or already have gained access to the network.

Making the Case

The Forrester report states that security and risk professionals use NAV tools to monitor network performance, hunt for threats, discover applications and assets, and capture packets.

These solutions can detect threats with great effectiveness across hybrid cloud infrastructure. NAV solutions also work well on premises or in a pure cloud setting.

NAV tools can also help security teams identify ways to improve their cybersecurity posture, Forrester says. While many companies struggle to see an accurate representation of their networks, NAV solutions give security teams visibility into all network traffic, allowing them to understand application dependencies and plug security gaps.

In addition, NAV allows companies to ingest telemetry data from endpoint detection and response (EDR) solutions, extended detection and response (XDR) solutions and other sources, the report notes. With this information, the NAV solution can provide EDR, XDR, or security orchestration, automation, and response (SOAR) tools with the information needed to respond to identified cyberthreats.

As NAV tools look for strange or malicious behaviors on an organization’s network, they report them to security analysts using “rich contextual information” from a variety of telemetry sources, the report adds.

As an example, the report notes that ExtraHop customers are deploying the Reveal(x) 360 NAV solution for four extended use cases: encrypted traffic analysis, threat intelligence feed correlations, automated response, and asset discovery.

Separate from the report, a commissioned Total Economic Impact™ Study conducted by Forrester Consulting on behalf of ExtraHop found a 193 percent return on investment over three years for companies using the ExtraHop Reveal(x) 360 NAV solution. Forrester modeled a composite organization based on interviews with ExtraHop customers and estimated that Reveal(x) 360 saved the composite organization 2.5 hours on detection and 7 hours on remediation.

The end result for a company deploying an NAV solution: They find a better way to identify threats and malware, resulting in reduced downtime and a shorter mean time to respond after an attack, Forrester says. And that’s what all organizations should be looking for in a cybersecurity solution.