2020 Vendors to Know: Network Detection and Response

Solutions Review’s listing of the Vendors to Know: Network Detection and Response is a mashup of products that best represent current market conditions, according to the crowd. Our editors selected the network detection and response solutions listed here based on each solution’s Authority Score, our meta-analysis of real user sentiment through the web’s most trusted business software review sites, and our own proprietary five-point inclusion criteria.

Who are the Vendors to Know in Network Detection and Response in 2020?

The editors at Solutions Review continually research the most prominent and influential network detection and response vendors to assist buyers in search of the tools befitting the needs of their organization. Choosing the right vendor and solution can be a complicated process; it requires constant market research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we listed the 12 Vendors to Know in Network Detection and Response.

Note: Companies are listed in alphabetical order.

Arctic Wolf

Arctic Wolf is a managed network detection and response vendor that allows users to find and monitor cyberthreats. The vendor’s SOC-as-a-Service offering identifies vulnerabilities in existing systems, hunts threats, and prioritizes remediation. Arctic Wolf also delivers managed cloud monitoring to provide visibility into cloud services, giving users a better understanding of their environment.


Attivo Networks

Attivo Networks’ ThreatDefend Platform is a network detection and response solution that provides deception technology for post-compromise threat detection and accelerated incident response. The solution is broken down into two components: BOTsink and ThreatDirect. BOTsink detects in-network threat activity across all attack surfaces as attackers seek target resources.


CI Security

CI Security’s Critical Insight Managed Detection and Response platform helps users protect their data and extend their security investments. The platform receives logs from an on-premise collector, from the cloud, or from hybrid environments. It prioritizes alerts sent to a Critical Insight Expert Analyst for investigation in the company’s security operations centers. The solution can monitor anything that security systems produce and capitalize on a user’s investments.


Darktrace

Darktrace Enterprise Immune System is a network detection and response solution that takes advantage of a self-learning cyber AI technology. It detects novel attacks at an early stage, spotting subtle signals of attacks without relying on rules or prior assumptions. The solution takes advantage of AI and machine learning to understand your organization, observing users, devices, cloud containers, and workflows to piece together what is considered “normal” network operation.


Expel

Expel is a managed network detection and response provider that seeks to help users struggling with their current managed security services provider (MSSP). Expel provides proactive threat hunting and advanced data analytics to provide context-driven insights and alerts that go beyond what other security products deliver. The vendor also offers alert triage capabilities to weed out false positives.


ExtraHop

ExtraHop Reveal(x) is a cloud-based network detection and response platform that gives organizations real-time visibility into their network from the inside out. Reveal(x) performs real-time analysis, automatically discovering and classifying key events. Users can see every action that occurs on their network and rectify any issues or mistakes. When Reveal(x) detects a problem, it investigates further using threat intelligence capabilities and responds according to its findings.


FireEye

FireEye Network Security and Forensics allows users to defend their network from attacks and detect hidden threats. The solution applies signature-less detection and protection against advanced threats, including zero-day security issues. It combines heuristics, code analysis, statistical analysis, emulation, and machine learning in its sandboxing solution, enhancing detection efficacy with frontline intelligence derived from the world’s largest breaches.


Lastline

Lastline Defender detects and automatically responds to advanced network threats. The platform detects and contains sophisticated security incidents before they disrupt a user’s business, delivering high-fidelity insights from the cybersecurity industry into threats entering or operating in your on-premises and cloud network. Lastline Defender’s analysis capabilities combine four AI-powered technologies to detect advanced threats that other security tools miss.


LogRhythm

LogRhythm NetworkXDR is a network security solution that detects network-borne threats and features SOAR capabilities. NetworkXDR recognizes thousands of applications at Layer 7 with advanced analytics and customizable dashboards for threat hunting, corroborating high-risk network activities to minimize false positives. To gain insights into your network, NetworkXDR searches rich network traffic metadata with full selective intelligent packet capture.


Nuspire

Nuspire is a managed network detection and response provider that hunts, contains, analyzes, and remediates unknown threats before they impact your business. The vendor aggregates and correlates events within minutes, providing a sensor-based, fully managed 24×7 network security service. Nuspire’s managed service team reduces threat dwell times and avoids network impact with deep forensic investigations thanks to the provider’s threat intelligence capabilities.


Vectra

Vectra’s Cognito Platform is a network detection and response solution that delivers intelligent, AI-driven threat detection for cloud, SaaS, and on-premise footprints. The Cognito Platform utilizes the power of artificial intelligence to intelligently detect threats on a network and takes actions to remediate them. Vectra collects and stores network metadata and enriches it with machine learning, using its customer pre-built SaaS app to investigate and hunt for threats based on AI-driven detections.


Verizon

Verizon Network Detection and Response is a managed service offering that gives users the power to secure their digital infrastructure. The vendor delivers network visibility, threat detection, and forensic analysis of suspicious network activities. Verizon’s NDR services capture, optimize, and store network traffic from multiple infrastructures in a single cloud haystack. The services can also integrate with existing security investments for more complete detection and visibility of threats.


To compare the best network monitoring tools, consult our Network Monitoring Buyer’s Guide.


Daniel Hein

Dan is a tech writer who writes about Enterprise Cloud Strategy and Network Monitoring for Solutions Review. He graduated from Fitchburg State University with a Bachelor's in Professional Writing. You can reach him at dhein@solutionsreview.com