The report Gartner 2022 Market Guide for Network Detection and Response, published in December, shows that security and risk managers should prioritize Network Detection and Response (NDR) as a complementary tool to other detection tools, as it focuses on maintaining low false alarm rates and detecting anomalies not covered by other solutions. An honorable mention in this area went to Vectra AI, whose platform provides organizations with visibility to help detect and respond to cyber attacks.
According to the report, "Organizations rely on NDR to detect and block activity after a successful attack, such as ransomware, threats from within the network, or lateral network traffic. NDR is complemented by technologies that trigger alerts based primarily on rules and signatures, building heuristic models of normal network behavior and spotting anomalies." The report also states that “security and risk managers should prioritize NDR as a complementary tool to other detection tools, focusing on low false alarm rates and detecting anomalies not covered by other controls.”
“We believe Vectra AI's recognition in the Gartner Market Guide confirms our position as a trusted partner offering proven solutions for Network Detection and Response,” he says Massimiliano Galvagna, Country manager for Italy of Vectra AI, awarded in the “Representative Vendors in Network Detection and Response” category. "To stem the growing number of threats, security teams need complete visibility into their environments, so they can detect signs of an attack before it becomes a breach. With the right configuration, NDR can provide effective protection against ransomware."
Vectra's threat detection and response platform analyzes network packets using hardware device sensors and virtual software sensors. It also works directly with some SaaS APIs and cloud-based IaaS directory services logs to provide threat detection and response to these use cases. Vectra NDR is based on several detection engines, with a strong focus on machine learning and deep learning methods for behavioral analysis-based detection. The platform uses its own threat intelligence sources during analysis, and customers can import their own as well.
The main findings of the report
- According to Gartner's latest security forecasts, the Network Detection and Response (NDR) market is recording constant and stable growth of 22.5%, despite increased competition from other platforms.
- Companies that implemented NDR first are in the process of renewing services, so incident response and orchestration workflows are gaining greater weight in contract evaluation.
- Some NDR providers are attracting most of the market's attention. Organizations with specialized sensing needs would benefit from a mix of established vendors and emerging local players.
Recommendations
To develop their network detection and response capabilities, security and risk managers should:
- Complement existing detection solutions by implementing NDR tools to detect anomalous behavior and investigate activities after a successful security breach.
- Identify gaps in your existing processes to determine whether the anomalies that NDR can detect correspond to the most pressing detection gaps.
- Compare NDR vendor offerings by preparing reasonable metrics and evaluating the positive impact of NDR tools on threat detection, Security Operation Center (SOC) productivity, and automated response.
Strategic planning forecasts
- By 2026, the percentage of companies evaluating NDR capabilities only within stand-alone products will drop to 70% (currently 90%).
- By 2027, more than half of NDR detections will come from cloud environments (currently less than 10%).
- By 2027, automated response to detected network anomalies will not exceed 40% of all detected anomalies.
For the full Gartner Market Guide for Network Detection and Response 2022 report, click who.
