Darktrace
=== Competition remains intense in the network detection and response market ===

The security industry is seeing a shift from legacy prevention-based security approaches to proactive detection and response technologies. Endpoint security has already undergone this transition, with organizations moving from antivirus (AV) to next-generation AV to Endpoint Detection and Response (EDR) solutions. The move to Network Detection and Response (NDR) is a similar shift on the network, i.e. the next step in the transition from traditional prevention-only security solutions such as Intrusion Detection Systems (IDS) and Intrusion Detection and Prevention Systems (IDPS).

NDR vendors offer an integrated set of network traffic monitoring, threat detection, investigation and response capabilities. These vendors provide broad visibility into an enterprise’s internal network by monitoring and analyzing traffic among users and devices across the enterprise’s digital estate (on-premises, SaaS and cloud). The NDR approach to security has gained traction in recent years because it provides an added layer of network visibility without requiring agents to be installed on devices and is invisible to attackers. NDR tools augment the capabilities of security teams by monitoring network traffic in real time (or near real time), detecting and prioritizing threats, and syncing (via APIs) with other point security solutions (firewalls, network access control, EDR, SIEM/SOAR systems), either to initiate an automated customized response (especially for high-risk incidents/breaches) or for further investigation and threat hunting.

Put simply, NDR tools employ unsupervised machine learning to establish a baseline for ‘normal’ network activity and flag deviations from that baseline as alerts for further monitoring; supervised machine learning and other tools can then be applied to the flagged alerts to categorize possible threats or malicious activity.
NDR tools do not rely only on past threat signatures or indicators of compromise for threat detection and can monitor both north-south and east-west traffic (with proper design of NDR deployments), making these tools a good complement to traditional security solutions such as firewalls and IDS/IPS (which primarily rely on historical threat signatures for detection). NDR vendor offerings overlap with Darktrace’s network portfolio (Enterprise Immune System, Antigena for Network and Cyber AI analyst); in fact, prior to rolling out solutions for email and endpoint, Darktrace was primarily an NDR vendor. According to Gartner, the NDR market stood at $1.3bn in 2021 (+27% YoY) and is expected to grow at a 4-yr CAGR of 16% reaching $2.4bn by 2025. Darktrace is the leading vendor in this market with 25% share, followed by Cisco (14%), ExtraHop (13%) and Vectra AI (9%). Some other key NDR vendors include FireEye (Trellix), Fidelis, Gigamon, IronNet and RSA Netwitness.

'''Figure 12: Network Detection & Response (NDR) market ($m): CY19-25'''<ref name=":3">Source: Gartner.</ref>

[[File:Figure 12.png]]

'''Figure 13: Network Detection & Response: CY21 Market share'''<ref name=":3" />

[[File:Figure 13.png]]

Demand for NDR solutions will likely remain high as enterprises introduce an added layer of network traffic visibility to their layered security stack; however, competition in this space remains intense. There are more than 20 vendors offering NDR solutions, ranging from early-/mid-stage start-ups to large, established cybersecurity companies. NDR vendor offerings have also matured, with basic capabilities and on-premises/cloud/SaaS coverage provided by most vendors. Further, as enterprises increasingly incorporate NDR as part of their security stack, enterprise awareness of different vendor offerings in this space is likely to increase.
In addition, with visibility into a growing portion of enterprise traffic, NDR vendors may face competition from zero trust/secure service edge providers such as Zscaler and Fortinet that may add network traffic analytics as part of an integrated cloud security stack (today, NDR vendors offer integrations to zero trust architectures to capture logs for added visibility). Public cloud players such as Amazon, Microsoft and Google may also make a big push into real-time cloud traffic analysis and threat response solutions. Today, these public cloud vendors offer packet mirroring, which allows third-party network traffic analysis tools such as Darktrace to monitor traffic to/from virtual machines. However, given the importance of cloud traffic visibility, this may be brought into the fold of in-built cloud security offered by public cloud vendors in the future.