In the cybersecurity world, we talk a lot about the countless ways attackers are innovating, but network security strategies and the technology behind them have also evolved rapidly over the course of a few short years. To help security organizations understand how network security products are changing and where the market is headed, Gartner® recently released the 2022 Market Guide for Network Detection and Response.
The Gartner Market Guide for Network Detection and Response offers guidance for organizations looking to adopt or expand network detection and response (NDR) capabilities. The report covers current market trends, predictions on the future of NDR technology, and information to help organizations evaluate vendors.
According to the report, "The network detection and response (NDR) market continues to grow steadily at 22.5%, per the latest Gartner security forecast, despite increased competition from other platforms." The report also sums up the benefits of best-in-class NDR solutions: "Enterprises should strongly consider NDR solutions to complement signature-based tools and network sandboxes. Many Gartner clients have reported that NDR tools have detected suspicious network traffic that other perimeter security tools had missed."
While the benefits of detecting activity that bypasses perimeter security offers a simple explanation for increased NDR adoption, our analysis of the report's findings highlights a key trend: NDR is becoming more accessible as vendors respond to demand for simpler, streamlined security solutions.
Network Detection and Response Trends
NDR for Simplified Incident Response
According to the report, "One of the benefits of NDR technology is the ability of its management and monitoring consoles to facilitate incident response workflows. Event aggregations and predefined views reduce the learning curve and provide a visibility that small security teams appreciate."
It can be argued that, just a few years ago, NDR was seen as a complex solution best suited for advanced security operations teams. While many NDR products on the market today still include rich telemetry and forensics capabilities that are ideal for sophisticated threat-hunting operations, we're seeing how, by aggregating data and correlating threat detections, NDR as a product category has adapted to meet the needs of smaller security operations teams.
Improved incident response workflows from a single solution are helpful, but today's security teams require data from a range of sources. As a result, NDR customers are beginning to embrace the technology as a complement to existing security solutions.
The Gartner report explains how security teams are adopting this approach: "Organizations rely on NDR to detect and contain postbreach activity such as ransomware, insider threats, or lateral movements. NDR complements other technologies, which trigger alerts primarily based on rules and signatures, by building heuristic models of normal network behavior and spotting anomalies."
NDR Integration and Automation
By using NDR along with other security tools, security teams close visibility gaps—but adding an NDR solution may not be enough for teams looking to further simplify investigations. In response, forward-thinking NDR vendors are embracing the idea of a security ecosystem by making it easier to integrate their products with other data sources.
Among the list of recent trends, the report explains how NDR products are adding new sensors "by building or integrating with endpoint sensors, such as EDR, ingesting third-party logs like SIEM, analyzing software/platform/infrastructure-as-a service events through their monitoring APIs, or adding support for OT use cases."
We're also seeing signs that NDR has become a staple of best-of-breed XDR strategies. To us, this is another indicator of how integrated network data from NDR supports streamlined workflows. According to the Market Guide:
"XDR as an architecture can be described as sharing some aspects of SIEM, but it carries an increased expectation to surface new and precorrelated events from multiple types of sensors. NDR technology can contribute to XDR by detecting network-based anomalies and by adding and correlating these events in the centralized dashboard."
Evaluating NDR Solutions
While general market trends show that NDR as a product category can lead to a more efficient SOC, we would argue that organizations should evaluate usability features such as integration capabilities and user experience in addition to detection capabilities, and visibility into commonly exploited blind spots such as cloud workloads or encrypted protocols.
For organizations looking to evaluate NDR as part of their security strategy, the 2022 Market Guide for Network Detection and Response provides a list of 19 Representative Vendors that meet the market definition of NDR, with recommendations to help organizations compare solutions.
Download the Report: Gartner Market Guide for Network Detection and Response
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.