Gartner is a highly respected voice when it comes to recommendations on cybersecurity products. This is especially true in the case of network detection and response (NDR), with NDR users and other cybersecurity practitioners looking to Gartner reports such as the "2024 Market Guide for Network Detection and Response" for recommendations and the network detection and response magic quadrant. Let’s take a look at what Gartner has to say about network detection and response.
When defining network detection and response, Gartner says:
“Network detection and response (NDR) products detect abnormal system behaviors by applying behavioral analytics to network traffic data. They continuously analyze raw network packets or traffic metadata between internal networks (east-west) and public networks (north-south). NDR can be delivered as a combination of hardware and software appliances for sensors, and a management and orchestration console in the form of an on-premises software or SaaS.”
By this definition, an NDR is a system that analyzes network traffic on both internal and public networks to detect unusual activity. This is a relatively broad definition of NDR. While many products that claim to be NDR will fit within this definition, each product will likely perform their data collection, analysis, threat detection, and incident response in different ways.
The “2022 Market Guide for Network Detection and Response” is the most recent Gartner report that suggests NDR is becoming more mainstream. This report claims that the network detection and response market is growing steadily at a 22.5% rate.
Gartner first recognized network detection and response as a market category in 2020. Since then, they have also published other helpful reports such as the “2023 Top Use Cases for NDR” and the “2023 Voice of the Customer for Network Detection and Response”. It is important to note that Gartner’s reports cannot be accessed without becoming a Gartner client, however Stamus Networks has made the "2024 Market Guide for Network Detection and Response" available to download for free.
Gartner is well-known for their “magic quadrant”. This chart places different cybersecurity vendors based on their “completeness of vision” and “ability to execute”, leading each vendor to be placed in one of four categories: niche players, visionaries, challengers, and leaders.
Currently, there is no Gartner NDR magic quadrant, however it is hopeful that one might be included in future reports. For now, the best option is to identify the challenges NDR can solve and determine whether those challenges are faced by your organization. If so, NDR might be a good fit for your security strategy.
Each magic quadrant places vendors into one of four categories:
Hopefully, Gartner will release a network detection and response (NDR) magic quadrant in the future, but until then we are left looking for other ways to evaluate different NDR solutions. The best way we can do that now is by understanding the qualities that make a sophisticated NDR as well as the other cybersecurity products an organization might use. This can give us a good picture of what to look for and what our organizations might need.
The following resources are great next steps for learning more about NDR and determining whether or not it is right for your organization:
To be notified of new blog posts and other news, make sure to subscribe to the Stamus Networks blog and the Stamus Spotlight Monthly Newsletter, follow us on Twitter, LinkedIn, and Facebook, or join our Discord.