Just under two years ago, analysts at Gartner published their first report detailing what they called the SOC Visibility Triad, identifying the three foundational technologies required for security visibility: SIEM, endpoint detection and response (EDR), and a third, still nascent category called network detection and response (NDR). In those two short years, NDR has taken off, gaining traction among security professionals and leaders alike for the depth, speed and accuracy of security insight it provides.
1. The NDR Market Is Growing Fast
According to research from Gartner, IDC, Truist and others, the NDR market now exceeds $1 billion and is the second-fastest growing cybersecurity segment behind CASB. In 2020, the market grew at a 24% CAGR, and experts expect CAGR to be 17% or more for each of the next three years.
So why now? According to a recent report from Truist, advances in machine learning capabilities have "broadened the reach of these tools to include enhanced analytical capabilities and response tactics." In addition to the use of sophisticated machine learning models, cloud architectures make it possible to perform extensive real-time analysis on the large volumes of data produced by enterprise networks. Put another way, the technology is starting to realize its potential, and security leaders are taking notice.
2. Analysts Are Taking Notice
In the two years since Gartner first coined the term network detection and response and identified it as core to SOC visibility, industry analysts have devoted more and more research to the classification and adoption of NDR. In 2019, Gartner published its first Market Guide for the category (then referred to by Gartner as Network Traffic Analysis), and followed up with a 2020 Market Guide report. The 2020 Gartner Hype Cycle for Security Operations also covers NDR, identifying the market as being on the rise in terms of mindshare, favorable outlook, and adoption.
In 2020, IDC also published its first analysis of the sector, which the firm refers to as network intelligence and threat analytics (NITA). This research examines the size of the market and the market share of the biggest players, which include Darktrace, Cisco, and ExtraHop.
Other analyst firms, including Forrester, ESG, and Truist, have also written about the emergence of NDR and its growing role within the enterprise SOC.
3. The Segment's First IPO Has Been Announced
In April 2021, one of the biggest players in NDR, Darktrace, announced its intent to go public on the London Stock Exchange, targeting a valuation of as much as $4 billion. Should the initial public offering (IPO) go forward, Darktrace will be the first NDR provider to be a publicly traded company with a valuation that reinforces the market opportunity in the space.
While Darktrace will be the first NDR player to IPO, the broader detection and response space, which includes endpoint detection and response, has already seen a number of successful exits. When CrowdStrike went public on the New York Stock Exchange in June 2019, its share price soared nearly 100% at times during its trading debut.
As Gartner predicted nearly two years ago, SOC visibility has become a driving force in the cybersecurity market, with vendors that focus on detection and response coming to the forefront as the next generation of cyber defense. At ExtraHop, we're excited to be growing faster than the category, leading with innovation and a customer-focused approach.