ExtraHop Named a Representative Vendor in the 2020 Gartner Market Guide for NDR

Sri Sundaralingam

June 17, 2020

We live in a post-compromise world. Nation-states and advanced persistent threat organizations have proven adept at thwarting traditional security measures. Growing recognition of this new reality has forced a massive shift in enterprise security budgets as security operations teams focus increasingly on detection and response.

But threat detection and response can take many forms. Much of the focus has centered around more traditional approaches including endpoint detection and response (EDR) and SIEM, but the need for visibility across multicloud and hybrid environments, distributed workforces, and IoT deployments demands a new approach.

Gartner has just released their 2020 Market Guide for Network Detection and Response, which has (again) included ExtraHop as a Representative Vendor*. From our view, Gartner provides analysis of the category, including how network detection and response is being used today, recommendations for implementation, and predictions for the future of the category.

So what exactly is NDR? Here is Gartner's official definition:

"NDR solutions primarily use non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect suspicious traffic patterns, they raise alerts. In addition to monitoring north/south traffic that crosses the enterprise perimeter, NDR solutions can also monitor east/west communications by analyzing traffic from strategically placed network sensors."

"Response is also an important function of NDR solutions. Automatic responses (for example, sending commands to a firewall so that it drops suspicious traffic) or manual responses (for example, providing threat hunting and incident response tools) are common elements of NDR tools. In 2019, Gartner named this market 'network traffic analysis.' This year, we renamed it 'network detection and response,' because this term more accurately reflects the functionality of these solutions."

*ExtraHop was named a Representative Vendor in the 2019 Market Guide for Network Traffic Analysis, which is followed by the 2020 Market Guide for Network Detection and Response.

Gartner, Market Guide for Network Detection and Response, Lawrence Orans, Jeremy D'Hoinne, Josh Chessman, 11 June 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
