Content of Figures
- Figure 1 How NDR Works
- Figure 2 Security Monitoring Pyramid
- Figure 3 The Overall Leadership rating for the Network Detection and Response market segment
- Figure 4 Product Leaders in the Network Detection and Response market segment
- Figure 5 Innovation Leaders in the Network Detection and Response market segment
- Figure 6 Market Leaders in the Network Detection and Response market segment
- Figure 7 The Market/Product Matrix
- Figure 8 The Product/Innovation Matrix
- Figure 9 The Innovation/Market Matrix
Commercial, government, and non-profit organizations of all kinds increasingly find themselves under cyber-attack these days. Ransomware, fraud, cred ...
In terms of responses, NDR solutions can provide dashboards/alerts/reports, display real-time visualizations, allow drilldowns into details, enrich di ...
1.1 Market Segment
The NDR market segment has reached a high level of maturity. Many NDR products offer a fairly complete list of features and deliver real value to thei ...
1.2 Delivery Models
NDR products require an on-premise presence for customers who have offices, data centers, factories, and other facilities with their own network infra ...
1.3 Required and Optional Capabilities
In this report, we are looking for comprehensive solutions that provide at least 7 of the 9 major areas of functionality detailed below. These are typ ...
Selecting a vendor of a product or service must not be based only on the comparison provided by a KuppingerCole Leadership Compass. The Leadership Com ...
2.1 Overall Leadership
Based on our rating, we created the various Leadership ratings. The Overall Leadership rating provides a combined view of the ratings for
- Product ...
The Overall Leaders in NDR are Cisco, Darktrace, FireEye, Kaspersky, Lastline, RSA, Symantec, and Vectra. Many of these are IT security juggernauts wi ...
2.2 Product Leadership
Product Leadership is the first specific category examined below. This view is mainly based on the analysis of product/service features and the overal ...
Product Leadership is where we examine the functional strength and completeness of products/services.
We have a large selection of products in the ...
2.3 Innovation Leadership
Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key capability in all IT market segments. Customers require i ...
Among those surveyed in this field, many are innovators. Innovation leadership is especially important in cybersecurity because attackers are constant ...
2.4 Market Leadership
Lastly, we analyze Market Leadership. This is an amalgamation of the number of customers, number of managed appliances or instances, ratio between c ...
Cisco, Darktrace, FireEye, Kaspersky, RSA, Symantec, and Vectra are the Market Leaders. Although it is not surprising that some of the large vendors a ...
3 Correlated View
While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...
3.1 The Market/Product Matrix
The first of these correlated views contrasts Product Leadership and Market Leadership.
Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...
3.2 The Product/Innovation Matrix
This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...
Vendors below the line are more innovative; vendors above the line are, compared to the current Product Leadership positioning, less innovative.
The ...
3.3 The Innovation/Market Matrix
The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...
Vendors above the line are performing well in the market compared to their relatively weak position in the Innovation Leadership rating; while vendors ...
4 Products and Vendors at a Glance
This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on Network Detection and Respo ...
4.1 Ratings at a Glance
Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1.
In addition, we provide in Table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...
Table 2 requires some additional explanation regarding the “critical” rating.
In Innovativeness, this rating is applied if vendors provide none or v ...
5 Product/Service Evaluation
This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...
5.1 Cisco Stealthwatch
Cisco’s entry in NDR is Stealthwatch, the former Lancope, which they acquired in 2015. The sensors are delivered as VMware virtual appliances and ca ...
5.2 Darktrace Enterprise Immune System
Darktrace was founded in 2013 in Cambridge, UK. They are a late-stage, venture-backed company with thousands of deployments and offices around the worl ...
5.3 Fidelis Network
Fidelis was founded in 2003 and is headquartered in Bethesda, MD, outside Washington, DC. They are a privately held company. The sensors are delivered ...
5.4 FireEye Network Security
FireEye was founded in 2004. The company is headquartered in Milpitas, CA and has offices around the globe. Sensors are delivered as physical or virt ...
5.5 Group-IB Threat Detection System (TDS)
Privately held Group-IB was founded in 2003 in Moscow but now has its global HQ in Singapore. NDR functionality is one part of Group-IB's overall comprehe ...
5.6 Gurucul Network Traffic Analysis (NTA)
Gurucul was founded in 2010 and is a privately-owned company headquartered in Los Angeles. Gurucul has a suite of products and services covering cyber ...
5.7 HelpSystems Core Network Insight
Minnesota-based HelpSystems acquired CoreSecurity and their Core Network Insight product in 2019. HelpSystems has other security, IAM, and general IT ...
5.8 Kaspersky Anti Targeted Attack (KATA)
Kaspersky has been providing cybersecurity solutions for more than two decades. Though headquartered in Russia, Kaspersky has a global presence with t ...
5.9 Lastline Defender
Lastline was founded in the Bay Area in 2011. It is a purpose-built NDR solution. It ships as an appliance or virtual appliance (VMware ESX). AMIs for ...
5.10 RSA NetWitness Platform
RSA Security is a longstanding cybersecurity vendor and is in the process of being acquired by Symphony Technology Group. Their headquarters is in Bo ...
5.11 Symantec Network Threat Detection
Broadcom is a large IT vendor with a diverse portfolio of security products, including the recently acquired Symantec Enterprise Security Business, wh ...
5.12 Vectra Cognito
Vectra was established in 2010 in San Jose, CA. Their NDR suite is composed of Detect, Recall, Sidekick, and Stream products. The solution comes as an ...
6 Vendors and Market Segments to Watch
Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...
6.1 Awake Security
Awake Security was founded in 2014 in Santa Clara, California. The sensors are delivered as VMware OVA virtual appliances and are deployed off span/ta ...
6.2 BitDefender Network Traffic Security Analytics
BitDefender, a well-known anti-malware vendor headquartered in Bucharest, also has an NDR product. It is a passive mode solution which forwards networ ...
Seattle-based ExtraHop provides security and analytics services for on-premise networks and cloud. Their Reveal(x) and Reveal(X) Cloud products are th ...
6.4 Gigamon ThreatINSIGHT
Gigamon was founded in 2001 in the Bay Area. They started as a network packet broker vendor, and thanks to the acquisition of ICEBRG, picked up NDR fu ...