GigaOm Radar for Network Detection and Response (NDR) v1.0

Securing the Enterprise

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take
  7. About Ivan McPhee

1. Summary

Today’s IT infrastructure is becoming increasingly elaborate, comprising hybrid cloud and on-premises environments, internet of things (IoT) devices, and third-party providers. As a result, organizations face the almost impossible task of protecting complex environments against all attack vectors. With traditional security solutions—such as firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems—unable to provide complete protection, new technologies are needed to detect anomalous behaviors and provide investigative capabilities in the event of a network breach.

Formerly referred to as network traffic analysis (NTA), network detection and response (NDR) is a modern security solution for mitigating the risk of advanced cyberattacks, such as advanced persistent threats (APTs), data exfiltration, lateral movement, malware activity, and ransomware. Complementing other detection tools, NDR solutions analyze raw network packets or traffic flows, covering both north-south traffic (between the internet and internal hosts) and east-west traffic (between internal hosts), to identify malicious activity with a low false positive rate and to detect anomalies that tools relying on known attack patterns or signatures cannot identify.

Unlike endpoint detection and response (EDR), which detects and responds to threats on individual endpoints, or extended detection and response (XDR), which collects and correlates data from multiple security components, NDR analyzes network traffic in real time and applies techniques such as behavioral analytics and machine learning to detect unknown malware and irregular activity that may indicate a cyberattack. Comparing current traffic against a baseline of normal network behavior, NDR solutions continuously monitor the network; correlate events across time, users, and applications; and surface security-relevant context to help mitigate the attack, either through native response capabilities or through integration with other security tools or security orchestration, automation, and response (SOAR) solutions.
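To make the baseline-comparison idea concrete, the following Python script is an added example (it is not GigaOm's code and not any vendor's product logic). It classifies simplified NetFlow-style records as north-south or east-west, learns a per-host baseline from a few training windows, and flags two deviations that a signature could not describe: an unusually large outbound transfer (possible exfiltration) and a burst of new internal admin-port peers (possible lateral movement). The record format, the RFC 1918 definition of "internal", the admin-port list, the thresholds, and all flow data are constructed assumptions for illustration.

```python
"""Constructed flow-baseline anomaly detector (added example, not from the report).

Assumptions: flows are simplified NetFlow/IPFIX-style dicts with src, dst, dport and
bytes; RFC 1918 ranges are "internal"; a baseline is learned from several training
windows (e.g. days) and a later window is compared against it.
"""
import ipaddress
import statistics
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed admin/remote-access ports whose *new* east-west use is a lateral-movement signal.
ADMIN_PORTS = {22, 445, 3389, 5985}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(flow):
    """East-west when both ends are internal hosts, otherwise north-south."""
    both = is_internal(flow["src"]) and is_internal(flow["dst"])
    return "east-west" if both else "north-south"


def summarize_window(flows):
    """Per internal source host: north-south egress bytes and east-west admin-port peers."""
    egress = defaultdict(int)
    admin_peers = defaultdict(set)
    for f in flows:
        if not is_internal(f["src"]):
            continue  # inbound internet traffic is not an egress signal
        if direction(f) == "north-south":
            egress[f["src"]] += f["bytes"]
        elif f["dport"] in ADMIN_PORTS:
            admin_peers[f["src"]].add(f["dst"])
    return egress, admin_peers


def build_baseline(windows):
    """Learn each host's egress-bytes distribution and the admin-port peers it normally uses."""
    summaries = [summarize_window(w) for w in windows]
    hosts = set()
    for egress, peers in summaries:
        hosts |= set(egress) | set(peers)
    baseline = {}
    for h in hosts:
        hist = [egress.get(h, 0) for egress, _ in summaries]  # absent in a window -> 0 bytes
        peers = set().union(*(p.get(h, set()) for _, p in summaries))
        baseline[h] = {"mean": statistics.mean(hist),
                       "stdev": statistics.pstdev(hist),
                       "admin_peers": peers}
    return baseline


def detect(baseline, window, z=3.0, min_bytes=1_000_000, new_peer_threshold=3):
    """Compare one window against the baseline and return a list of alerts.

    min_bytes is a floor so a quiet host with zero variance does not alert on trivial traffic.
    """
    empty = {"mean": 0, "stdev": 0, "admin_peers": set()}
    alerts = []
    egress, peers = summarize_window(window)
    for h, nbytes in egress.items():
        base = baseline.get(h, empty)
        threshold = max(base["mean"] + z * base["stdev"], min_bytes)
        if nbytes > threshold:
            alerts.append({"host": h, "type": "possible exfiltration",
                           "bytes": nbytes, "threshold": threshold})
    for h, p in peers.items():
        new = p - baseline.get(h, empty)["admin_peers"]
        if len(new) >= new_peer_threshold:
            alerts.append({"host": h, "type": "possible lateral movement",
                           "new_peers": sorted(new)})
    return alerts


def flow(src, dst, dport, nbytes):
    return {"src": src, "dst": dst, "dport": dport, "bytes": nbytes}


# Constructed sample data: three quiet training windows, then a window with one compromised host.
BASELINE_WINDOWS = [
    [flow("10.0.0.5", "198.51.100.20", 443, 2_000_000), flow("10.0.0.5", "10.0.0.10", 445, 300_000),
     flow("10.0.0.7", "198.51.100.20", 443, 5_000_000), flow("192.0.2.33", "10.0.0.7", 443, 120_000)],
    [flow("10.0.0.5", "198.51.100.21", 443, 2_500_000), flow("10.0.0.5", "10.0.0.10", 445, 250_000),
     flow("10.0.0.7", "198.51.100.20", 443, 4_000_000)],
    [flow("10.0.0.5", "198.51.100.22", 443, 1_500_000), flow("10.0.0.5", "10.0.0.10", 445, 400_000),
     flow("10.0.0.7", "198.51.100.20", 443, 6_000_000)],
]
DETECTION_WINDOW = [
    flow("10.0.0.5", "203.0.113.9", 443, 80_000_000),   # large upload to a never-seen external host
    flow("10.0.0.5", "10.0.0.10", 445, 300_000),        # the usual file server
    flow("10.0.0.5", "10.0.0.11", 445, 10_000),         # three new internal SMB/RDP peers
    flow("10.0.0.5", "10.0.0.12", 3389, 20_000),
    flow("10.0.0.5", "10.0.0.13", 445, 8_000),
    flow("10.0.0.7", "198.51.100.20", 443, 5_000_000),  # unchanged host, should stay quiet
]


def run_example():
    """Build the baseline from the training windows and score the detection window."""
    return detect(build_baseline(BASELINE_WINDOWS), DETECTION_WINDOW)
```

Running run_example() yields two alerts, both for 10.0.0.5: the 80 MB egress is roughly 25 times that host's learned mean and far above mean + 3 standard deviations, and three SMB/RDP peers it has never contacted appear in one window, while 10.0.0.7 stays within its baseline. A production NDR sensor would feed this from IPFIX/NetFlow export or a packet broker, keep longer and time-of-day-aware baselines, and correlate the two signals into one incident rather than two separate alerts; the point here is only that the detection needs no signature for the malware or tooling involved.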

This GigaOm Radar report highlights key NDR vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating NDR Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.

This is our first year evaluating the NDR space in the context of our Key Criteria and Radar reports. All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

  • Comprehensive threat detection
  • Non-signature-based threat detection
  • North-south and east-west monitoring
  • Built-in incident response

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.