Action Plan for Network Blueprints
Network security teams will benefit by following a deliberate action plan to create, maintain
and utilize a network blueprint to support their cybersecurity objectives in the context of a
network detection and response (NDR) approach. This plan is best developed jointly between the network and security teams. While every organization will have a different baseline, the
following steps will generally apply to the establishment of an accurate network blueprint:
Step 1) Existing Network Documentation. Any plan for developing a network blueprint in the
context of NDR must start with an inventory of existing documentation. The goal is to develop a
comprehensive view of the current (and planned) network environment. This step should
include taking inventory of any network visibility or management tools, as well as including
interviews and discussions with network experts in the organization.
Step 2) Network Blueprint Objectives. Once the inventory has been established, the network
and security teams can work together to develop a set of objectives for both network blueprint
creation and NDR deployment. This can include a collage of security, management, support, and
performance objectives since an accurate network blueprint will have positive implications for
each of these areas of network support and operation.
Step 3) Review of Network Blueprint Platforms. Many excellent commercial and open-source
platforms and tools exist that support both NDR and network blueprint creation. As one might
expect from this blog series, the TAG Cyber team recommends that Cynamics be included in
such process selection.
Step 4) Establishment of a Network Blueprinting Process. The final step is to begin planning
a deployment. Usually, this must be done lightly because agents and appliances are required, but
in the case of the Cynamics SaaS platform, deployment can be done more rapidly and without
the encumbrance of having to deal with a lengthy implementation project of installing and
configuring agents and appliances in the network. It usually takes just a few minutes to onboard
and have full network visibility and threat prediction to cover your entire network.
About TAG Cyber
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights
and recommendations to security solution providers and Fortune 100 enterprises. Founded in
2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-
for-play research by offering in-depth research, market analysis, consulting, and personalized
content based on hundreds of engagements with clients and non-clients alike—all from a
former practitioner perspective.
Copyright © 2022 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written
permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as
consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report
are disclaimed herein.
Dr. Edward Amoroso
TAG Cyber CEO
November 23, 2022