Knowing When It Is Time To Move On

I was recently reviewing a series of Gartner blogs and came across an interesting one entitled “Gartner Says More Than Half of Enterprise IT Spending in Key Market Segments Will Shift to the Cloud by 2025.” The subheadline caught my attention: “Accelerating Shift to the Cloud Means the Market Opportunity for Providers Is Narrowing.” According to Gartner, the shift to the Cloud is happening so quickly that vendor opportunities are going away. It got me thinking about a past infrastructure shift that significantly affected cybersecurity.

Back in the late 1990s, the software application industry was revolutionized by plug-and-play appliances. These appliances delivered specialized software without the need to load applications via disk or tape. As a way to reduce the complexity of deploying software and upgrading systems, they had an impact on the cybersecurity software market, especially the Network Data Loss Prevention (DLP) vendors. In 2002, at least for the DLP market, Gartner was saying the same thing: if you are not offering an appliance-based solution, you are missing out on market opportunities.

By the late 2000s, things quickly changed again as Cloud-based SaaS began to move into the mainstream. Interestingly, many vendors in the cybersecurity market were slow to leave the old appliance-based delivery model. Most of these vendors were focused on the network, and moving to an appliance would have required a complete rework of the software code and architecture. But as the Gartner blog states, the Cloud-based SaaS model has rendered the “Appliance” costly and inefficient. A case in point is the Network Detection and Response (NDR) market. In Gartner’s 2021 paper, Emerging Technologies: Adoption Growth Insights for Network Detection and Response, 30 vendors are listed who offer some type of NDR solution, and all but two utilize an appliance-based form-factor.(1)

Sometimes Cloud is More Cost Effective

These legacy appliance-based NDR tools utilize a network tap to mirror network traffic while the appliance analyzes it. Before encryption of east/west network traffic became standard, this model offered deep packet visibility into network communications, with policy and machine learning analysis occurring in the appliance.

The problem with this model is that you need to tap the traffic (hardware) at every location and subnet, even mirror the traffic to ensure you have complete packet collection, and then deploy an NDR appliance with each. It quickly becomes very costly. Picture ten sites with two subnets at your corporate HQ, and now you must purchase and deploy ten hardware taps and 11 NDR appliances. Most vendors bury the appliance cost in the SaaS license and do not include the taps; deployment costs will quickly hit six figures. Another problem with hardware deployments is the current global supply chain issues, which mean procuring the hardware can take more than six months.

With 90% of all traffic being encrypted(2) and the hardware cost associated with deployments, NDR delivered by an appliance is no longer an effective solution. After considering the hidden costs like network routing, manual tuning, policies, and report creation, it is not surprising that even with a small deployment of 1200 users at two locations, the three-year TCO of a Cloud deployment is close to $500,000 less than that of a comparable appliance-based deployment.(3)

The Effect of Appliances on NDR Deployments

Network Detection and Response (NDR) has long been a cornerstone of enterprise cyber defense programs. Critical for identifying and mitigating network risks, detecting and stopping cyberattacks, including ransomware, and providing network control assessments for compliance, NDR is deployed at most of the world’s largest organizations.

But even with its robust protections, it is not widely deployed in the small and mid-market. Gartner estimates NDR penetration of the SME market is less than 17% compared to the over 60% penetration in large enterprises.(4) The primary reason for this disparity is complexity and cost. Appliance-based NDR tools are beyond every resource-constrained team’s budget and operational reach.

The good news – in the last six years, a new generation of Cloud-native SaaS NDR vendors has entered the market. CyGlass is one of the first, and the only one, to focus on supporting small and medium organizations. With a simple pricing model, fast deployments, rapid time to value, and threat coverage that includes on-premise and cloud networks coupled with award-winning AI, CyGlass is a powerful alternative for organizations needing to deploy NDR.

Learn More About Saving Money and Lowering Your TCO with CyGlass.

  1. Blue Hexagon and CyGlass are the only two SaaS Cloud offerings listed. Blue Hexagon is a cloud security vendor and CyGlass is a network detection and response (NDR) vendor with cloud security capabilities.
  3. Link to CyGlass Solution Brief – same as learn more CTA

Bill Munroe

VP Marketing, CyGlass