Gartner is a highly respected voice when it comes to recommendations on cybersecurity products. This is especially true in the case of network detection and response (NDR), with NDR users and other cybersecurity practitioners looking to Gartner for recommendations and the network detection and response magic quadrant. Let’s take a look at what Gartner has to say about network detection and response.
What is NDR in Gartner?
When defining network detection and response, Gartner says:
“Network detection and response (NDR) products detect abnormal system behaviors by applying behavioral analytics to network traffic data. They continuously analyze raw network packets or traffic metadata between internal networks (east-west) and public networks (north-south). NDR can be delivered as a combination of hardware and software appliances for sensors, and a management and orchestration console in the form of an on-premises software or SaaS.”
By this definition, an NDR is a system that analyzes network traffic on both internal and public networks to detect unusual activity. This is a relatively broad definition of NDR. While many products that claim to be NDR will fit within this definition, each product will likely perform their data collection, analysis, threat detection, and incident response in different ways.
Which Gartner report shows NDR is becoming mainstream?
The “2022 Market Guide for Network Detection and Response” is the most recent Gartner report that suggests NDR is becoming more mainstream. This report claims that the network detection and response market is growing steadily at a 22.5% rate.
Gartner first recognized network detection and response as a market category in 2020. Since then, they have also published other helpful reports such as the “2023 Top Use Cases for NDR” and the “2023 Voice of the Customer for Network Detection and Response”. It is important to note that Gartner’s reports cannot be accessed without becoming a Gartner client.
What is Magic Quadrant Gartner 2023?
Gartner is well-known for their “magic quadrant”. This chart places different cybersecurity vendors based on their “completeness of vision” and “ability to execute”, leading each vendor to be placed in one of four categories: niche players, visionaries, challengers, and leaders.
Currently, there is no Gartner NDR magic quadrant, however it is hopeful that one might be included in future reports. For now, the best option is to identify the challenges NDR can solve and determine whether those challenges are faced by your organization. If so, NDR might be a good fit for your security strategy.
What are the 4 quadrants of Gartner?
Each magic quadrant places vendors into one of four categories:
- Leaders: These are vendors that execute the product strategy well in comparison to the rest of the industry and are expected to continue excelling at providing a high-quality product.
- Challengers: These are vendors that are doing well currently or are popular within the product category, but Gartner believes that their products are not positioned to grow with the industry in the way that their analysts predict.
- Visionaries: Vendors in this category have a good understanding of where their market is headed and have plans to execute that vision in the future, but are not yet fulfilling that vision or are otherwise doing so inconsistently.
- Niche Players: These vendors are successful in a small segment of the market, but Gartner believes that they are unable to be more innovative or outperform their competitors.
Evaluating NDR Without the Help of Gartner
Hopefully, Gartner will release a network detection and response (NDR) magic quadrant in the future, but until then we are left looking for other ways to evaluate different NDR solutions. The best way we can do that now is by understanding the qualities that make a sophisticated NDR as well as the other cybersecurity products an organization might use. This can give us a good picture of what to look for and what our organizations might need.
The following resources are great next steps for learning more about NDR and determining whether or not it is right for your organization:
- EDR, NDR, and XDR: Exploring Three Approaches to Threat Detection and Response
- Five Essential Requirements for Network Detection and Response (NDR)
- 12 Signs it's Time to Upgrade your Legacy IDS/IPS
To be notified of new blog posts and other news, make sure to subscribe to the Stamus Networks blog and the Stamus Spotlight Monthly Newsletter, follow us on Twitter, LinkedIn, and Facebook, or join our Discord.
