AI | January 26, 2026
By Alex Rassey : Go-To-Market Strategist and Growth Leader
Stats on downtime cost, data breaches, AI, and how better visibility helps
The terms “visibility” and “monitoring” sometimes get used interchangeably by networking and security providers to describe what their product does to improve operations, and in turn, a company’s agility and bottom line. To put a slightly finer point on it, the hybrid network/cloud visibility that Keysight delivers captures and optimizes traffic for use by monitoring tools from leading providers like ExtraHop, Riverbed, Forescout, Nozomi Networks and others to troubleshoot performance and detect or prevent cyberattacks.
Distinguishing the hybrid network and cloud visibility we provide from the more generic visibility delivered by monitoring infrastructures begs a very important and timely question:
How can enterprises quantify the value network visibility provides in optimizing monitoring?
The short answer is: we make using all those other tools more efficient. But it’s worth a closer look at the various ways visibility uplevels operations that are top of mind for enterprises in 2026. For today, we’ll explore three powerful benefits of network visibility in optimizing monitoring:
- Avoiding downtime
- Preventing data breaches
- Improving ROI and security around AI
What does downtime cost in 2026?
Recent research from Uptime Institute’s 7th Annual Outage Analysis 2025 keynote report found:
- More than half (54%) of operators reported that recent significant or severe outages cost them more than $100K
- 20% of respondents said the cost of a recent outage exceeded $1M
Ketchum & Walton Co. found data center outage costs can reach as high as $9K per minute for large companies and even small-to-mid-sized businesses (SMBs) losing $427 for every minute of disruption.
How much can you save by avoiding data breaches?
The de facto source of truth, IBM’s Cost of a Data Breach Report 2025 showed:
- The average global cost of a data breach reached $4.44M
- The average cost in the US was more than double the global average ($10.22M) due to a combination of factors like:
- Potentially higher legal and compliance costs
- Higher costs associated with incident response (IR) and forensics
- Higher total impact in terms of lost business and customer loyalty and reputation
- More extensive communication and notification requirements
The IBM report pegged the average time to contain a breach at 241 days, an improvement over prior years but the breakdown reveals it still takes far too long to find threats initially given AI’s potential to accelerate attacks:
- Mean Time to Identify (MTTI): ~181 days
- Mean Time to Contain (MTTC): ~60 days
Decrypting traffic improves detection threats but threatens tool performance
A recent Google Transparency Report shows 96% of web requests are encrypted (HTTPS). Zscaler’s ThreatLabz 2024 Encrypted Attacks Report similarly found 87.2 % of threats were delivered over encrypted channels.
Encryption protects privileged data but also obscures attack traffic and significantly drives up operations costs. Utilization and the cost to maintain monitoring and Top of Formanalysis tools (SIEM, NDR, etc.) rises in step with surging volumes and higher percentage of encrypted data.
The increased effort to decrypt traffic at scale requires:
- Dedicated appliances
- Additional CPU and specialized hardware
- Management
- Higher-throughput firewalls
- Advanced privacy controls
Security teams face a no-win tradeoff as they can either:
- Examine encrypted traffic as-is and accept the risk that comes with leaving blind spots unexplored
- Decrypt and inspect traffic, often multiple times, which drives up overhead and risks weakening detection accuracy and tool performance
How will AI change the game even more?
It’s more or less a given that AI adoption will accelerate and scale throughout 2026. Gurucul’s 2025 Pulse of the AI SOC: AI Enters the Equation reveals 87% of organizations are already acting to integrate AI into their SOC operations and 79% believe AI-powered automation will be mission-critical within the next 24 months.
- 45% already deem AI essential
- 31% are already using AI across multiple workflows
- 34% are conducting targeted pilots
- 22% are evaluating potential use cases

Source: Gurucul
AI is already paying dividends
While AI-led threats compound risk, automation is helping SOCs offload repetitive tasks, reduce human error, and accelerate response times — making it foundational to modern security operations. Organizations that have embraced AI are already seeing measurable benefits with at least 60% of adopters reporting 25% faster investigation times and 25% citing reductions greater than 50%.

AI also drives costs up
At the same time, AI figures to drive up data center costs this year and into the future due to:
- Higher hardware/CapEx costs: GPUs and AI servers require far greater power which can be much more expensive than traditional compute options. High-end AI GPUs like NVIDIA A100/H100 can run up to $30K meaning a single AI rack with multiple GPUs could easily exceed $500K on hardware alone. Hardware that powers AI also takes up more than its fair share of rack space with~60% of the hardware investment going to GPUs and AI-specific components.
- OpEx overhead costs scale will AI implementations: AI racks can consume up to 10X more power (40–100+ kW per rack compared with ~5–15 kW) than traditional CPU-based servers depending on configuration and density. AI racks can consume up to 10X more power than legacy racks depending on configuration and density. This directly drives electricity bills, cooling, UPS capacity, and other rising costs.
Because AI servers generate so much heat, cooling systems may need to work harder and even may require liquid cooling or advanced designs that add to both upfront and ongoing costs.
- Multi-cloud + hybrid connectivity costs rise as modern architectures generate more traffic, redundancy, and inspection overhead. AI traffic growth, particularly the growth of east-west traffic may warrant the use of higher-speed links (40/100/400G) to create lower-latency infrastructures.
Building a scalable, modern network visibility infrastructure helps enterprises meet these three strategic business objectives — avoiding downtime, stopping breaches from happening, and achieving maximum benefits with AI — of vital importance to their bottom line.
The Growing Importance of Visibility
Here’s how better, faster, more seamless hybrid visibility overcomes the challenges explored above:
Deduplication optimizes tool utilization and ROI
Duplicate traffic typically represents up to 30% of traffic sent to security and performance monitoring tools due to:
- Redundant sessions as multiple teams SPAN the same links
- Asymmetric routing and monitoring
- Redundant uplinks
- Tool-chaining where multiple tools (IPS/NDR, etc.) need access to the same traffic
- East-west mirroring
Mirroring the same traffic to multiple tools creates duplicate monitoring traffic and drives up traffic ingestion costs. This in turn can degrade performance.
Building operations on a strategic foundation like Keysight’s Network Visibility platform eliminates unnecessary duplicate packets and data flows helps minimize costs associated with ingestion, bandwidth/connectivity and storage – any element priced according to data volumes or solution capacity.
As an example, if you typically mirror 20TB of data per day and use a visibility platform to remove 30% of duplicate traffic, you’d eliminate roughly 6TB per day. The related ingestion and storage costs should also get reduced by roughly one-third.
Fewer tools would be required — and it would take much longer for them to get maxed out — which also helps to avoid or defer the costs of upgrading or adding appliances and sensors prematurely. And, the reduced workload promotes better tool performance also reduces the number of false positives and the time analysts waste on SOC triage.
Offloading decryption
Like we’ve been saying for some time, decryption may usurp up 60-80% of a tool’s capacity, leaving just 20-40% available for traffic inspection. Offloading decryption to a visibility platform improve utilization and ROI on inline tools like firewalls by up to 75% — each — without requiring you to invest in dedicated decryption devices.
Running AI agents on packet brokers can reduce deployment costs by half
As we’ve seen, in a typical deployment, AI compounds the cost of monitoring in three areas:
- Infrastructure: High-density servers and related power/cooling requirements
- Networking: More east-west traffic, faster links, redundant connectivity
- Security and compliance: Encrypted traffic inspection and audit requirements
To offset these rising expenses, Keysight’s Application Fusion Program enables enterprises to run agents from their preferred monitoring solutions directly onboard our Vision network packet brokers (NPBs). Companies can deploy AI-powered monitoring agents from multiple Keysight alliance partners and avoid up to 50% of overall incremental CapEx and OpEx costs associated with the traditional approach.
Here’s some sample math:
- CPU / dedicated server approach: At ~$10K–$30K per server, Integrating onto an existing platform can save tens of thousands to hundreds of thousands upfront if it avoids dedicated AI hosts.
- GPU server approach: ~$50k–$250k+ per node depending on GPU count/model
- Savings on licensing fees incurred when pricing scales in step with the number of nodes: AI stacks may charge according to the number of hosts and ingestion endpoints. Running the agent on the packet broker — “where the data already is” — helps avoid excessive or escalating fees associated with adding clusters and ingestion tiers.
Given how fast things change, this may well be just the beginning. In the meantime, it’s safe to say that the more you consolidate around fewer core platforms, the more time, effort, and related costs you stand to save.
Learn more about joint solutions from Armis and Keysight.
Related resources
Get Resources Like This Delivered To Your Inbox
[activecampaign form=1 css=0]
