Industry Exchange Cyber 2026: OPSWAT’s Michael Arcamone on why there’s no such thing as ‘too much’ network visibility - Federal News Network
INSIGHT BY OPSWAT
CYBERSECURITY
Industry Exchange Cyber 2026: OPSWAT’s Michael Arcamone on why there’s no such thing as ‘too much’ network visibility
By integrating tracking tools and adding deep analysis, it’s possible to achieve zero trust and cybersecurity in the AI age, OPSWAT chief strategy officer says.
Tom Temin (@tteminWFED)
February 9, 2026 9:00 am
Network detection and response, or NDR, in some sense has been a critical cybersecurity function since the beginning of time. With the advent of hybrid cloud environments, multiplying endpoints and attacks revved up by cybersecurity, NDR is more important than ever.
To keep up, you need an NDR platform capable of making sense of it all for network defenders.
“An NDR platform is critical,” said Michael Arcamone, the chief strategy officer at OPSWAT, “because it provides real time visibility of network traffic across complex hybrid environments, whether they’re on premises, in the cloud, or OT (operational technology).”
Arcamone outlined three reasons why during Federal News Network’s Industry Exchange Cyber 2026:
First, a fully capable platform “can detect breaches, emerging threats, zero day exploits and sophisticated tactics, techniques and procedures leveraged by state sponsored threat actors — prior to them reaching your endpoints.”
Second and equally important, such an NDR should interoperate with tools the agency already has, such as firewalls and applications for endpoint detection and response (EDR); security information and event management (SIEM); and security orchestration, automation and response (SOAR). Ideally, NDR can pull in all of this data so operators can see everything from the proverbial single pane of glass.
Third, an NDR “helps achieve compliance with federal requirements and mandates by providing auditable evidence” that the agency has engaged in continuous management and the anomaly detection that follows from it.
Arcamone advocates for platforms that simplify the work of cybersecurity practitioners. This stems from his history as one himself. He once ran the Pentagon’s computer center response team, including its security operations center.
“And going back historically, a lot of the tasks that we were performing as analysts were manual — involved a lot of heavy lifting,” he said. With NDRs, “we’ve automated a lot of the manual tasks we are performing as analysts to make our lives a lot easier.”
Ensuring visibility in hybrid environments
In recent years, detection and response have become more difficult thanks to hybrid hosting environments. Agencies, using multiple commercial clouds, don’t own the infrastructure into which they must have visibility.
Arcamone said OPSWAT’s NDR deploys in the very clouds an agency is using, from which it can inspect data at rest, in motion and in use.
“NDR platforms in general support a variety of deployment options,” he said. “Whether it’s on premises, in the cloud or operational technology, we support it.”
He recommended discovering the potential security challenges during the proof-of-concept stage of exploring NDRs.
“Typically, we see technical challenges agencies run into are related to network protocol support; network throughput support; the location, visibility of encrypted traffic or lack thereof; alert fatigue; and false positives and false negatives,” Arcamone said. “A lot of these challenges can be identified during the proof-of-concept process, when you’re evaluating the NDR platform.”
Planning for an NDR, Arcamone said, requires “clearly defining your technical and functional requirements, establishing your success criteria, doing your market research and then selecting three or four different NDR platforms to evaluate both in your lab environment as well as your production environment.”
Moreover, the agency should establish metrics to evaluate the success of the chosen NDR, measuring them both before and after deployment.
Arcamone named several, including mean times to detect and respond to incidents, reduction in so-called “dwell time” of malicious software, reductions in user alert fatigue and fewer false negatives or positives.
He said other potential measures of effectiveness concern compliance, performance and scalability, but dwell time and what he called alert fidelity should top any list.
Understanding NDR differentiators
NDRs are not all created equal, and Arcamone mentioned several differentiators he believes distinguish OPSWAT.
“First and foremost is the analysis that we perform and provide,” he said. Arcamone said OPSWAT’s platform can capture and inspect traffic running at up to 100 gigabits per second. It extracts files and analyzes them.
“As part of that analysis, we leverage deep packet inspection, deep session inspection and deep file inspection,” he said, adding that the company has patented its deep file inspection method.
Beyond that, he said OPSWAT can inspect files that have already traversed the network, a function he called retro hunting.
“Retro hunting is the ability to retrospectively analyze network traffic … with the latest intelligence that we have,” Arcamone said.
The NDR’s breach detection function supports efforts to establish zero trust, he said. That’s backed up with comprehensive intelligence gathering the company performs “to deliver high fidelity, actionable intelligence to our customers.”
Arcamone called his 15 years at the Pentagon “one of the best experiences of my life.” His team’s purview extended beyond the Pentagon itself to 60 sites throughout the National Capital Region.
“We not only performed the monitoring and response operations, but we also owned the infrastructure,” he said. “Everything from the network backbone to the wall plate, we owned in terms of network detection, response platforms, firewalls and so on. It was really a great experience for me, and it’s really prepared me for my career.”
Taking premium advantage of modern NDRs
A modern NDR, he said, not only monitors external and internal assets to the wall plate, it also incorporates data from endpoint management systems to reach assets beyond the wall plate.
“While visibility that the NDR platform has is at the network layer,” Arcamone said, “it does integrate with endpoint detection and response platforms that have visibility of the endpoints, whether they’re workstations or servers.”
He said OPSWAT’s analytical functions at the network layer can monitor insider threats — even if they originate on endpoints.
Arcamone said, “Given the sophistication of our platform and a lot of machine learning based anomaly detection that we perform, we’re able to identify those threats even across encrypted channels.”
Tom Temin
Tom Temin is host of the Federal Drive and has been providing insight on federal technology and management issues for more than 30 years.