top of page

Action Plan for Network Blueprints

Network security teams will benefit by following a deliberate action plan to create, maintain

and utilize a network blueprint to support their cybersecurity objectives in the context of a

network detection and response (NDR) approach. This plan is best developed jointly between the network and security teams. While every organization will have a different baseline, the

following steps will generally apply to the establishment of an accurate network blueprint:

Step 1) Existing Network Documentation. Any plan for developing a network blueprint in the

context of NDR must start with an inventory of existing documentation. The goal is to develop a

comprehensive view of the current (and planned) network environment. This step should

include taking inventory of any network visibility or management tools, as well as including

interviews and discussions with network experts in the organization.

Step 2) Network Blueprint Objectives. Once the inventory has been established, the network

and security teams can work together to develop a set of objectives for both network blueprint

creation and NDR deployment. This can include a collage of security, management, support, and

performance objectives since an accurate network blueprint will have positive implications for

each of these areas of network support and operation.

Step 3) Review of Network Blueprint Platforms. Many excellent commercial and open-source

platforms and tools exist that support both NDR and network blueprint creation. As one might

expect from this blog series, the TAG Cyber team recommends that Cynamics be included in

such process selection.

Step 4) Establishment of a Network Blueprinting Process. The final step is to begin planning

a deployment. Usually, this must be done lightly because agents and appliances are required, but

in the case of the Cynamics SaaS platform, deployment can be done more rapidly and without

the encumbrance of having to deal with a lengthy implementation project of installing and

configuring agents and appliances in the network. It usually takes just a few minutes to onboard

and have full network visibility and threat prediction to cover your entire network.

About TAG Cyber

TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights

and recommendations to security solution providers and Fortune 100 enterprises. Founded in

2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-

for-play research by offering in-depth research, market analysis, consulting, and personalized

content based on hundreds of engagements with clients and non-clients alike—all from a

former practitioner perspective.  

Copyright © 2022 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written

permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as

consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report

are disclaimed herein.


Dr. Edward Amoroso


November 23, 2022

Recent Posts

See All

“Hackers have exploited an unpatched zero-day vulnerability in Cisco’s networking software to compromise tens of thousands of devices, researchers have warned. Cisco on Monday issued an advisory warni

bottom of page