The Network Visibility Challenge
This webinar addresses a critical gap in cybersecurity strategy: the lack of comprehensive network visibility beyond endpoint security. Jim Waggoner, VP of Product Management at N-able, and Kevin O'Connor, Head of Threat Research with 15 years of cybersecurity experience including work at the NSA, explain how organizations create security blind spots by focusing exclusively on endpoint protection. They demonstrate that true network visibility requires a holistic approach encompassing network infrastructure (routers, switches, firewalls, IDS/IPS), traffic and data visibility (NetFlow, DNS, TLS logs), cloud and SaaS applications, identity and authentication systems, and advanced threat detection platforms. The session emphasizes that modern networks are complex ecosystems where encrypted traffic, lateral movement, and multi-cloud environments create challenges that endpoint-only strategies cannot address.
Real-World Breach Examples
The presenters illustrate the consequences of poor network visibility through two major incidents. The Salt Typhoon espionage campaign against US telecommunications providers (AT&T, Verizon, T-Mobile) went undetected for roughly 18 months: Chinese state-sponsored operators reached the providers' court-authorized wiretapping (lawful intercept) systems, and no anomaly detection was in place to flag the lateral movement or the data exfiltration that accompanied it. The Colonial Pipeline ransomware attack forced a complete shutdown of the pipeline because the company could not determine whether its operational technology (OT) network was compromised, since there was no segmentation or visibility between the IT and OT environments. These cases show that even large, well-resourced enterprises fail to detect breaches when network visibility is inadequate, and that attacker dwell time can stretch to months or years before discovery.
Implementing Comprehensive Visibility
The webinar provides practical guidance for improving network visibility through specific technologies and best practices. Key recommendations include deploying and actively monitoring IDS/IPS (which many organizations have in place but never tune or review), implementing network segmentation to separate administrative, user, and operational traffic, integrating cloud environment monitoring (AWS, Azure, Microsoft 365/O365) as a third pillar alongside network and endpoint security, and collecting logs from SaaS applications and identity providers. The presenters emphasize that threat intelligence, while valuable for catching known bad infrastructure, must be combined with anomaly detection that baselines normal behaviour and flags unusual traffic patterns, data volumes, or destinations, since a novel attacker will not appear on any indicator list. They introduce managed detection and response (MDR) services as an option for organizations lacking the staff to aggregate and analyze security data from multiple sources, positioning 24/7 monitoring and automated response as baseline requirements rather than advanced capabilities.
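The two detection approaches the presenters contrast, indicator matching and baseline-driven anomaly detection, are easy to see side by side on flow data. The following is an added example written for this page, not code from the webinar or from N-able: it runs four simple rules over constructed NetFlow-style records (day, source, destination, port, bytes). The indicator list, the internal address ranges, the set of "admin" hosts allowed to reach admin ports, the z-score threshold, and all flow records are assumptions chosen for illustration; the external addresses come from the RFC 5737 documentation ranges and are not real indicators.

```python
"""Threat-intel matching plus anomaly detection over constructed flow records.

Added example for illustration; not the webinar's or N-able's code. All
indicators, hosts, ranges and flows below are constructed assumptions.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumption: a small indicator feed (RFC 5737 documentation address, not a real IOC).
THREAT_INTEL_IPS = {"203.0.113.7"}
# Assumption: the organization's own address space (RFC 1918), checked explicitly
# rather than via ip_address().is_private, which also matches documentation ranges.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: only this jump host is expected to open admin ports on internal peers.
ADMIN_HOSTS = {"10.0.0.1"}
ADMIN_PORTS = {22, 445, 3389, 5985}
Z_THRESHOLD = 3.0  # standard deviations above the per-host egress baseline

# Constructed NetFlow-style records: (day, src_ip, dst_ip, dst_port, bytes_out).
FLOWS = [
    # five days of routine HTTPS egress from two workstations
    *[(d, "10.0.0.5", "198.51.100.10", 443, b)
      for d, b in zip(range(1, 6), (48000, 52000, 50000, 49000, 51000))],
    *[(d, "10.0.0.9", "198.51.100.10", 443, 20000) for d in range(1, 6)],
    # the jump host does RDP to a server every day, including today
    *[(d, "10.0.0.1", "10.0.0.20", 3389, 3000) for d in range(1, 7)],
    # day 6: 10.0.0.5 pushes 5 MB to an external host it has never talked to
    (6, "10.0.0.5", "192.0.2.50", 443, 5_000_000),
    # day 6: 10.0.0.9 beacons to a listed IP, then probes SMB on an internal peer
    (6, "10.0.0.9", "203.0.113.7", 443, 1200),
    (6, "10.0.0.9", "10.0.0.20", 445, 800),
]


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def egress_by_day(flows):
    """Return {src: {day: bytes}} counting only traffic that leaves INTERNAL_NETS."""
    out = defaultdict(lambda: defaultdict(int))
    for day, src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            out[src][day] += nbytes
    return out


def detect(flows, today):
    """Return a list of (rule, src_ip, detail) alerts for the flows dated `today`,
    using every earlier day as the behavioural baseline."""
    history = [f for f in flows if f[0] < today]
    current = [f for f in flows if f[0] == today]
    alerts = []

    # Rule 1 (threat intelligence): destination is on the indicator list.
    for _d, src, dst, port, _b in current:
        if dst in THREAT_INTEL_IPS:
            alerts.append(("threat_intel", src, f"{dst}:{port}"))

    # Rule 2 (anomaly, volume): today's external egress far above the host's baseline.
    past = egress_by_day(history)
    for src, days in egress_by_day(current).items():
        samples = list(past.get(src, {}).values())
        if len(samples) < 3:
            continue  # not enough history to baseline; skip rather than guess
        mu = mean(samples)
        sigma = max(pstdev(samples), 0.1 * mu)  # floor avoids division by zero on flat baselines
        z = (days[today] - mu) / sigma
        if z > Z_THRESHOLD:
            alerts.append(("volume_anomaly", src, f"{days[today]} bytes, z={z:.1f}"))

    # Rule 3 (anomaly, destination): external destination never seen from this host before.
    seen = defaultdict(set)
    for _d, src, dst, _p, _b in history:
        if not is_internal(dst):
            seen[src].add(dst)
    for _d, src, dst, port, _b in current:
        if not is_internal(dst) and dst not in seen[src]:
            alerts.append(("new_destination", src, f"{dst}:{port}"))

    # Rule 4 (lateral movement): admin-port connection between internal hosts
    # from a source that is not an approved admin host.
    for _d, src, dst, port, _b in current:
        if is_internal(src) and is_internal(dst) and port in ADMIN_PORTS and src not in ADMIN_HOSTS:
            alerts.append(("lateral_movement", src, f"{dst}:{port}"))
    return alerts


if __name__ == "__main__":
    for rule, src, detail in detect(FLOWS, today=6):
        print(f"{rule:18} {src:10} {detail}")
```

Only the beacon to 203.0.113.7 is caught by the indicator list; the 5 MB transfer from 10.0.0.5 and the SMB probe from 10.0.0.9 are found by the baseline and segmentation rules alone, while the jump host's routine RDP produces nothing. That is the point the presenters make: indicators catch what is already known, and the rest depends on having flow records and a baseline to compare them against.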
The MDR Solution Framework
N-able's approach through its Adlumin MDR platform addresses the complexity of aggregating security data from many sources. The platform supports integrations across diverse vendors and technologies (AWS, Azure, CrowdStrike, Cisco, firewalls, Microsoft 365/O365, Jira, and others) and provides cross-integration detections that correlate events across different security layers. Unlike black-box offerings, Adlumin exposes multi-tenant management with fully searchable data, allowing MSPs to manage multiple customers while retaining access to the raw security events behind each detection. The service model spans a spectrum from self-service XDR platform access for mature security operations teams to fully managed 24/7 MDR with automated threat remediation for organizations early in their security journey. The presenters frame this as part of a broader shift in which centralized security log aggregation and analysis, once considered advanced, is now a baseline expectation for any organization handling customer data or facing regulatory compliance requirements.