We work a lot with smaller organizations, and there’s one thing we’ve noticed: They don’t always have a clear picture of what’s going on inside their network, despite their perception that they have the entire landscape covered. They don’t know what they don’t know.

Nomic’s Insight comes in and provides the missing piece.

Why SMBs Lack Visibility – and Don’t See Why

“You keep using that word,” Inigo Montoya points out to Vizzini in The Princess Bride. “I do not think it means what you think it means.” Small to medium-sized businesses often do not have the resources for large, mature cybersecurity teams or the expertise they provide.

Consequently, we notice that the offering they think they’re getting is not always the one they do get. For example, a Managed Detection and Response (MDR) service is most likely going to be implemented on the endpoint with EDR – That’s a great start, but it’s missing the network perspective Network Detection and Response (NDR) provides.

That means that the coverage so many SMBs get after buying these MDR solutions (which are often touted as full-visibility products) only extends to the endpoints – laptops, desktops, mobile phones, servers, and anything else touching an end-user. Critical stuff, but it’s still missing visibility into everything on your network between the endpoints.

And 100% coverage of endpoints isn’t likely either. EDR won’t cover most IoT, SCADA systems, Operational Technology (OT) systems, or Shadow IT.

So what can be used to fill the gap?

Enter Insight for In-Depth Visibility

At Nomic, we wanted our NDR solution to give SMBs comprehensive visibility into all their network traffic, no matter the endpoint. That means:

• Network coverage: A record of every network conversation, providing detailed context enriched with critical contextual information like ASN, geolocation, and application protocol.
• Flow Search Signals: Build out a library of search filters specific to your network, and receive alerts when these filters uncover interesting traffic.
• Anomaly Detection and Behavioral Analysis: Going beyond signature-based tools, ML/AI-powered detections can spot unique patterns that point to malicious behavior.
• Network traffic history: Rare for most NDR solutions, easily “rewind” your network traffic history to see correlated logging of all network flows, DNS queries, and web sessions from the North, South, East, and West.

Now, SMBs can add defense-in-depth layers to their strategy, as they can finally see the layers they need to defend. Insight opens visibility to:

• IoT
• Shadow IT
• SCADA and OT systems
• New devices, applications, and services
• Lateral movement and reconnaissance

How Insight Works

Insight offers SMBs visibility across their entire network and provides an alternative to costly or complicated SIEMs, which can be hard to come by for smaller outfits. One of the key ways it provides this level of visibility is through “Insight Flows,” or network flows, as mentioned above.

Flows are traffic metadata and record the who, what, when, and where of your network. Insight not only keeps these records but enriches them with additional external data and keeps them organized, accessible, and easy to search for investigations. Going beyond the typical “5 tuple,” Insight enriches flows with additional information:

• Geolocation | The country from which the traffic originated
• Autonomous System Number (ASN) | Who owns the IP block?
• Threat Intelligence | Our proprietary CINS Feed combined with trusted public sources of threat intelligence.
• Enhanced IP and App Protocols | App- or vendor-specific protocol information for additional context.

Knowing that attackers look for weak spots, SMB coverage needs to extend everywhere. There is no such thing as “too small to hack,” as small enterprises are constantly targeted for their vital (and often unprotected) roles in crucial supply chains. As we noted in a previous blog, “As a hub connected to many enterprise spokes, SMBs have a particular responsibility to maintain above-average security stacks and not leave anything to chance.” Only having visibility on the endpoints is leaving a lot to chance, and it’s a chance SMBs no longer have to take with Insight.

We know small to mid-sized organizations can only do so much, which is why Insight is a great force-multiplier for teams without the resources to hold down a SIEM or XDR solution, but who still need the same protection nonetheless. By being clever, Insight – with its global threat intelligence feeds and ML/AI-based signals between the endpoints – can help small businesses gain full visibility across their entire network, outsmart resource limitations, and stay one step ahead of attackers.