KuppingerCole Report
Leadership Compass
By John Tolbert

Network Detection and Response

This report provides an overview of the market for Network Detection and Response (NDR) tools and gives you a compass to help you find the solution that best meets your needs. We examine the market segment, vendor service functionality, relative market share, and innovative approaches to providing NDR solutions.

1 Introduction

Commercial, government, and non-profit organizations of all kinds increasingly find themselves under cyber-attacks these days. Ransomware, fraud, cred ...

In terms of responses, NDR solutions can provide dashboards/alerts/reports, display real-time visualizations, allow drilldowns into details, enrich di ...


1.1 Market Segment

The NDR market segment has reached a high level of maturity. Many NDR products offer a fairly complete list of features and deliver real value to thei ...


1.2 Delivery Models

NDR products require an on-premise presence for customers who have offices, data centers, factories, and other facilities with their own network infra ...


1.3 Required and Optional Capabilities

In this report, we are looking for comprehensive solutions that provide at least 7 of the 9 major areas of functionality detailed below. These are typ ...


2 Leadership

Selecting a vendor of a product or service must not be only based on the comparison provided by a KuppingerCole Leadership Compass. The Leadership Com ...


2.1 Overall Leadership

Based on our rating, we created the various Leadership ratings. The Overall Leadership rating provides a combined view of the ratings for

  • Product ...

The Overall Leaders in NDR are Cisco, Darktrace, FireEye, Kaspersky, Lastline, RSA, Symantec, and Vectra. Many of these are IT security juggernauts wi ...


2.2 Product Leadership

Product Leadership is the first specific category examined below. This view is mainly based on the analysis of product/service features and the overal ...

Product Leadership is where we examine the functional strength and completeness of products/services.

We have a large selection of products in the ...


2.3 Innovation Leadership

Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key capability in all IT market segments. Customers require i ...

Among those surveyed in this field, many are innovators. Innovation leadership is especially important in cybersecurity because attackers are constant ...


2.4 Market Leadership

Lastly, we analyze Market Leadership. This is an amalgamation of the number of customers, number of managed appliances or instances, ratio between c ...

Cisco, Darktrace, FireEye, Kaspersky, RSA, Symantec, and Vectra are the Market Leaders. Although it is not surprising that some of the large vendors a ...


3 Correlated View

While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...


3.1 The Market/Product Matrix

The first of these correlated views contrasts Product Leadership and Market Leadership.

Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...


3.2 The Product/Innovation Matrix

This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...

Vendors below the line are more innovative, vendors above the line are, compared to the current Product Leadership positioning, less innovative.

The ...


3.3 The Innovation/Market Matrix

The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...

Vendors above the line are performing well in the market compared to their relatively weak position in the Innovation Leadership rating; while vendors ...


4 Products and Vendors at a Glance

This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on Network Detection and Respo ...


4.1 Ratings at a Glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1.


In addition, we provide in Table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...


Table 2 requires some additional explanation regarding the “critical” rating.

In Innovativeness, this rating is applied if vendors provide none or v ...


5 Product/Service Evaluation

This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...


5.1 Cisco Stealthwatch

Cisco’s entry in NDR is Stealthwatch, the former Lancope, which they acquired in 2015. The sensors are delivered as VMware virtual appliances and ca ...


5.2 Darktrace Enterprise Immune System

Darktrace was founded in 2013 in Cambridge, UK. They are a late stage venture backed company with thousands of deployments and offices around the worl ...


5.3 Fidelis Network

Fidelis was founded in 2003 and is headquartered in Bethesda, MD, outside Washington, DC. They are a privately held company. The sensors are delivered ...


5.4 FireEye Network Security

FireEye was founded in 2004. The company is headquartered in Milpitas, CA and has offices around the globe. Sensors are delivered as physical or virt ...


5.5 Group-IB Threat Detection System (TDS)

Privately held Group-IB was founded in 2003 in Moscow but now has its global HQ in Singapore. NDR functionality is one part of Group-IB's overall comprehe ...


5.6 Gurucul Network Traffic Analysis (NTA)

Gurucul was founded in 2010 and is a privately-owned company headquartered in Los Angeles. Gurucul has a suite of products and services covering cyber ...


5.7 HelpSystems Core Network Insight

Minnesota-based HelpSystems acquired CoreSecurity and their Core Network Insight product in 2019. HelpSystems has other security, IAM, and general IT ...


5.8 Kaspersky Anti Targeted Attack (KATA)

Kaspersky has been providing cybersecurity solutions for more than two decades. Though headquartered in Russia, Kaspersky has a global presence with t ...


5.9 Lastline Defender

Lastline was founded in the Bay Area in 2011. It is a purpose-built NDR solution. It ships as an appliance or virtual appliance (VMware ESX). AMIs for ...


5.10 RSA NetWitness Platform

RSA Security is a longstanding cybersecurity vendor and is in the process of being acquired by Symphony Technology Group. Their headquarters is in Bo ...


5.11 Symantec Network Threat Detection

Broadcom is a large IT vendor with a diverse portfolio of security products, including the recently acquired Symantec Enterprise Security Business, wh ...


5.12 Vectra Cognito

Vectra was established in 2010 in San Jose, CA. Their NDR suite is composed of Detect, Recall, Sidekick, and Stream products. The solution comes as an ...


6 Vendors and Market Segments to Watch

Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...


6.1 Awake Security

Awake Security was founded in 2014 in Santa Clara, California. The sensors are delivered as VMware OVA virtual appliances and are deployed off span/ta ...


6.2 BitDefender Network Traffic Security Analytics

BitDefender, a well-known anti-malware vendor headquartered in Bucharest, also has an NDR product. It is a passive mode solution which forwards networ ...


6.3 ExtraHop

Seattle-based ExtraHop provides security and analytics services for on-premise networks and cloud. Their Reveal(x) and Reveal(X) Cloud products are th ...


6.4 Gigamon ThreatINSIGHT

Gigamon was founded in 2001 in the Bay Area. They started as a network packet broker vendor, and thanks to the acquisition of ICEBRG, picked up NDR fu ...


Methodology

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded back in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.
