BlogFriday, April 30, 2021, marked a watershed moment for the network detection and response category. Darktrace, one of the top three players in the category alongside ExtraHop and Cisco Stealthwatch according to IDC, debuted on the London Stock Exchange.
A few weeks ago, we wrote about how the impending Darktrace IPO was one of the leading indicators that the NDR category is poised to be the next breakout segment of the cybersecurity market. As my colleague Mark Bowling recently said when joining ExtraHop, "Nature hates a vacuum, and true to form, network detection and response is rushing in to fill a huge visibility gap left unaddressed by any other technology on the market today."
Growing Need for Advanced Cybersecurity
To understand the rapid growth of NDR, look to recent events. SUNBURST dominated the news cycle in late 2020, a year that was already marred by rising threats, many of which egregiously targeted vulnerable industries such as healthcare. The events of 2020 proved that advanced cyberthreats are getting bolder and more sophisticated, prompting organizations to rethink their approach to cybersecurity.
As we rolled into 2021, news broke that the REvil attack was responsible for the largest cyber ransom demand to date at $50 million USD. The attack also raised awareness for a jarring new ransomware tactic: Attackers are now combining data exfiltration and encryption to boost leverage, increasing the chances of a payout.
While REvil made history, the attack followed a trend: On average, the entire world is spending more per breach. Research by IBM and the Ponemon Institute found that the global average cost of a data breach is 3.86 million—a figure that has risen 10% over the last five years. To reduce risk, organizations are seeking out tools that can aid faster threat detection and response, helping avoid the high costs associated with a breach.
NDR on Cybersecurity Expert's Radar
As security teams sought out ways to outsmart advanced persistent threats, NDR proved that it's a technology worth its salt. At ExtraHop, we've seen this first hand. We saw how NDR detected SUNBURST indicators of compromise while allowing organizations to respond fast without wading through oceans of log data. We've also seen it effectively stop a ransomware attack very similar to the record-breaking REvil attack.
As an NDR provider, we're clearly biased—but it's not just us. Trusted organizations, including Gartner, have recognized the importance of NDR beyond their early 2019 report on the SOC visibility triad. A recent Gartner blog post named NDR as a defense against sophisticated supply chain attacks like SUNBURST. Gartner has also given NDR a benefit rating of "High" in their priority matrix according to the Hype Cycle for Security Operations, 2020.
For the vendors in the category that offer enterprise scale and capabilities that extend beyond the parameters of NDR, the market opportunity is even greater. Large organizations from financial institutions to technology companies to government entities are quickly waking up to the need to include network intelligence as part of their advanced defense strategy. As these organizations accelerate adoption, NDR vendors that offer scale and visibility across hybrid environments will continue to see strong growth and increased valuations.
