Key Takeaways: The 2020 Gartner Market Guide for Network Detection and Response

Analyst house Gartner, Inc. recently released its new Market Guide for Network Detection and Response. The researcher’s Market Guide series is meant to cover new and emerging markets where software products and organizational requirements are in limbo. Gartner’s Market Guides can be a great resource for understanding how a fledgling space may line up with current and future technology needs.

According to Gartner, “With the focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market, but rather more commonly outlines attributes of representative vendors that are providing offerings in the market to give further insight into the market itself.” Gartner’s Market Guide is not provider-centric; it aims to provide a more overarching view of the software space. However, the researcher does mention the major players as things take shape.

Our Network Monitoring Buyer’s Guide contains profiles on the top network performance monitoring vendors, as well as questions you should ask providers and yourself before buying. We also offer a Free and Open Source Network Monitoring Buyer’s Guide if you’re a small business or have a tighter budget but still want enterprise-grade monitoring for business networks.

Gartner highlights the following providers of network detection and response (NDR) tools: Awake Security, Blue Hexagon, Bricata, Cisco, Corelight, Darktrace, ExtraHop, Fidelis Cybersecurity, FireEye, Flowmon, Gigamon, GREYCORTEX, Hillstone Networks, IronNet, Lastline, Plixer, and Vectra. At Solutions Review, we read the report and pulled out the key takeaways.

Gartner defines the NDR market as tools that “primarily use non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect suspicious traffic patterns, they raise alerts. In addition to monitoring north/south traffic that crosses the enterprise perimeter, NDR solutions can also monitor east/west communications by analyzing traffic from strategically placed network sensors. Automatic responses (for example, sending commands to a firewall so that it drops suspicious traffic) or manual responses (for example, providing threat hunting and incident response tools) are common elements of NDR tools.”

Although the NDR market is relatively new compared to other tools, Gartner noted the high number of vendors that already offer fairly mature solutions. Some of this is due to vendors previously offering network traffic analysis (NTA) solutions, many of which acted as precursors to the providers’ NDR tools. However, as the analysts note in the report, NDR has a low barrier to entry for vendors, meaning it’s easier for a business to design and sell dedicated NDR software. While the number of NDR vendors may seem overwhelming for prospective clients, Gartner’s research found that most customers are generally satisfied with their solutions.

The majority of NDR vendors that don’t focus solely on offering an NDR solution offer other network-centric services and software, targeting specific network use cases. Specifically, several network performance monitoring and diagnostics (NPMD) companies have adapted their network solutions to handle network security tasks, including detection and response. By applying specific analytical techniques like artificial intelligence and machine learning, a vendor can transform its network monitoring suite to also detect and respond to security issues.

Gartner notes that providers are focusing on enhancing their detection and response capabilities. On the detection side, vendors are improving their ability to find suspicious patterns in encrypted traffic, adding termination, decryption, and analysis features for TLS traffic. For response capabilities, vendors are broadening partnerships with vendors of firewall, network access control, security operations automation response, endpoint detection and response, and other security tools.

Daniel Hein

Dan is a tech writer who writes about Enterprise Cloud Strategy and Network Monitoring for Solutions Review. He graduated from Fitchburg State University with a Bachelor's in Professional Writing. You can reach him at dhein@solutionsreview.com