NEW

The True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
Contact us
Menu iconX icon
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right
Sign In
Contact us

Arrow pointing leftBlog

Where Does NDR Stand in the 2020 Gartner Hype Cycle for Security Operations?

Chase Snyder

February 19, 2021

Savvy security professionals have long turned to the network for vital insight and forensic evidence. Now, the broader market is starting to understand Network Detection and Response (NDR), and getting closer to acknowledging and taking advantage of its true potential.

The 2020 Gartner Hype Cycle for Security Operations shows NDR well past the Peak of Inflated Expectations, and drawing near to the Slope of Enlightenment. The report defines NDR as follows:

"Network detection and response (NDR) technology uses a combination of machine learning, rule-based detection and advanced analytics to detect suspicious activities on enterprise networks. NDR tools analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect abnormal traffic patterns, they raise alerts. NDR solutions monitor north-south and east-west traffic. These tools also provide workflow capabilities to enable security teams to respond to incidents."

The report goes on to note the Business Impact of NDR:

"NDR solutions are valuable tools that assist network security professionals in the detection of compromised endpoints and targeted attacks. These tools have limited native blocking ability, or none at all (because most are implemented outside of the line of traffic), but they offer manual and/or automatic functionality for responding to alerts. Many NDR solutions can also be implemented to detect suspicious activity in IaaS environments."

Furthermore, many security operations teams have adopted the SOC Visibility Triad as a way of broadly defining their security requirements. The triad indicates three foundational data sources for security operations: endpoint data, logs, and network data. With EDR and SIEM already well established in the Slope of Enlightenment, and NDR coming close, the future looks bright for teams pursuing this winning strategy.

To view the complete Hype Cycle for Security Operations, click here.

Discover more

CybersecurityIndustry TrendsCompanyCommunity

Explore related articles

What Are Cloud-Native Security Tools?

February 24, 2020

Learn why truly cloud-native network detection and response must be cloud-delivered, cloud-agnostic, and able to provide cloud intelligence.

CybersecurityCommunityRevealX
Read articleArrow pointing right

SANS 2020 Cloud Security Report | ExtraHop

January 29, 2021

Gain valuable insight into the tooling and migration trends to watch today and in the future with the newest report from the SANS Institute.

Industry TrendsCybersecurityCommunity
Read articleArrow pointing right

ExtraHop Named a Representative Vendor in the 2020 Gartner Market Guide for NDR

June 17, 2020

Get the top takeaways from the 2020 Gartner Market Guide for Network Detection and Response and see ExtraHop as a Representative Vendor.

CybersecurityIndustry TrendsNTANDR
Read articleArrow pointing right

Experience RevealX NDR for Yourself

Schedule a demo
Contact us