Network detection and response (NDR) software is a growing cybersecurity field that allows organizations to monitor networks for suspicious behavior. Network-based attacks have become an increasingly popular attack vector and have caused significant adverse impacts, creating the need for robust security.
In 2020, Gartner established the NDR solution category, renaming what was previously called “network traffic analysis.” This move helped to highlight the growing importance of network detection and response capabilities. NDR's machine learning, heuristic analysis, and non-signature-based analytical tools and techniques enable teams to respond to threats and anomalous traffic that other tools may miss. To help protect a user’s network and devices, an organization needs to subdue attacks from multiple angles, which is where an NDR comes in:
1. ExtraHop Reveal(x)
The mission of Seattle-based ExtraHop is to help organizations stop advanced threats with uncompromised security.
Reveal(x) key features
- Operates with complete visibility, real-time detection, and intelligent response
- Detects what’s happening in an organization’s cloud environment
- Threat detection with full context across a hybrid enterprise
- Artificial intelligence (AI)-based detection
- Automated detection, investigation, and response via integration with third-party security tools, such as CrowdStrike and Phantom
- Automated inventory for discovering and classifying network devices
- Peer group detection to sort devices into behavioral groups
User review
“Although I saw the console for the first time, I placed it in the top 10 because the team had put so much thought into the UI as well, and the user experience was awesome since the first day! I’m always impressed by the search features and capabilities; you may utilize the search function to narrow down your analysis down to asset levels of any kind,” says a user at Gartner Peer Reviews.
Honors
Won the 2022 Cyber Security Excellence award
Trial
Get a free trial.
2. Cisco Secure Network Analytics
San Jose, California-based Cisco is a leader in the networking market.
Cisco Secure Network Analytics key features
- Detects and responds to threats
- Uses machine learning and behavioral modeling
- Cloud-native visibility across major cloud providers, like Amazon Web Services, Microsoft Azure, and Google Cloud
- Visibility across entire network infrastructure with a single solution
- Scans network traffic
- Behavior analysis for detection
- Distributed denial-of-service (DDoS) identification
- Telemetry lets a security team know who is on the network and what they’re doing
User review
“[Cisco Secure Network Analytics] provides detailed information on host incoming as well as outgoing traffic, which helps us to understand exact bandwidth requirement or to prevent any unethical activities going on in organization network,” says a user at TrustRadius.
Honors
Cisco won the SC Media Award for Best Security Company.
Trial
Get a free trial.
3. Darktrace/Network
Based in Cambridge, U.K., Darktrace also has offices in Singapore, San Francisco, and the Netherlands.
Darktrace/Network key features
- Self-learning AI to learn what’s typical for an organization
- Neutralizes both known and unknown threats
- Insider threat detection
- A version for industrial systems
- Automatic responses
- Easy-to-understand reports
User review
“Darktrace’s IES provides us with a level of confidence that we would otherwise miss in an ever-evolving threat landscape,” says a user at Gartner Peer Insights.
Honors
The company has won the AI Cyber Product of the Year for the last four years at the U.K.’s National Cyber Awards.
Demo
Get a demo.
4. Vectra Platform
Based in San Jose, California, Vectra helps organizations detect, prioritize, investigate, and respond to cyberthreats within seconds of getting attacked.
Vectra Platform key features
- AI-based detection
- Supports hybrid environments
- Playbooks for responses
User review
“The support behind this product is top-notch; they will consistently reach out to make sure functionality is being maintained and if there are any technical hiccups or tuning questions that they would be happy to assist with,” says a user at Gartner Peer Insights.
Honors
Vectra brought home several awards from the SC Awards Europe in 2022, including for Best Behavioral Analytics/Threat Detection.
Demo
Get a demo.
5. Gigamon ThreatINSIGHT
Gigamon is based in Santa Clara, California, and offers solutions to some of the top challenges facing online businesses, such as having network detection tools in several locations without whole-enterprise visibility, and payment card industry (PCI) compliance requiring all external traffic to use TLS version 1.1 or higher.
ThreatINSIGHT key features
- Detect, hunt, and investigate threats using one cloud-based security solution
- Software-as-a-service (SaaS) package
- Secure Sockets Layer (SSL) offloading
- Works with Cisco devices
- Offers use cases for operational tasks, like decommissioning servers or diagnosing switch misconfigurations
- Focus on high-quality detections helps prevent false positives
User review
“Once set up and configured, the implementation is very robust. We have equipment that has been running for years without the need to reboot,” says a user at Gartner Peer Insights.
Honors
Gigamon has won several awards in its space, including being awarded the Silver Globe in the Golden Bridge Business and Innovation Awards.
Demo
Get a free trial.
6. CrowdStrike Falcon Firewall Management
CrowdStrike, based in Austin, Texas, offers straightforward firewall management with reduced complexity.
Falcon Firewall Management key features
- Easily create, enforce, and maintain firewall rules and policies across Windows and macOS environments
- Build new policies based on templates
- Create a firewall rules group once and reuse it in multiple policies
- Quickly propagate changes to the appropriate policies
- Focus on high-quality detections helps prevent false positives
User reviews
4.8 out of 5 overall by reviewers at Gartner Peer Insights.
“CrowdStrike is the market leader in next-generation endpoints security provided via the cloud,” says a user at Gartner Peer Insights.
Honors
CrowdStrike has been recognized for several years by Gartner as a Customers’ Choice for endpoint protection platforms, including 2021.
Trial
Get a free trial.
7. Cynamics
Boston-based Cynamics knows that the real problem around the increasingly popular network-based attacks is that these attacks are widespread and costly. The global cost of cybercrime is estimated to reach $10.5 trillion by 2025, according to Cynamics.
Cynamics key features
- Complete network visibility
- Easily integrated with any network size or type
- Uncovers hidden threat patterns in real-time, deploying patented AI technology
- Requires no agents, sensors, or probes for scalability
- Self-managed autonomous technology
User review
“I saw many products, but when I came across Cynamics and saw that they claim to combine AI and deep learning to autonomously detect and analyze patterns using 1% of the traffic and gain 100% visibility, I said this is [too] good to be true. On top of that, no agents. I said I need to give them a shot. Long story short, their claim was on point,” says a user at Gartner Peer Reviews.
Honors
Named TAG Cyber’s Distinguished Vendor in 2022.
Trial
Get a free trial.