Gartner has published their 2020 Market Guide for Network Detection and Response (NDR) where Cisco has been named a representative vendor.

NDR is even more relevant today with the growing network complexity and the evolving attacks. Despite investing a lot in security tools, the reality is that threats are able to get through. So how do you know that your digital enterprise is secure? How can you be sure that the security policies you have set up are doing what they are supposed to?

The solution is continuous network monitoring to detect and respond to threats immediately, before they turn into a high impact incident.

Market evolution

Gartner states, In 2019, Gartner named this market “network traffic analysis.” This year, we renamed it “network detection and response,” because this term more accurately reflects the functionality of these solutions.” 1

Cisco was also a representative vendor in the 2019 Gartner market guide for Network Traffic Analysis (NTA).

Gartner defines NDR as follows:

“NDR solutions primarily use non-signature-based techniques (for example, machine learning or other analytical techniques) to detect suspicious traffic on enterprise networks. NDR tools continuously analyze raw traffic and/or flow records (for example, NetFlow) to build models that reflect normal network behavior. When the NDR tools detect suspicious traffic patterns, they raise alerts. In addition to monitoring north/south traffic that crosses the enterprise perimeter, NDR solutions can also monitor east/west communications by analyzing traffic from strategically placed network sensors.” 1

Cisco Stealthwatch delivers key NDR capabilities

Stealthwatch, Cisco’s NDR solution named in the report, provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real-time. Using a combination of behavioral modeling, machine learning and global threat intelligence powered by Cisco Talos, Stealthwatch can quickly and with high confidence, detect threats such as command and control attacks, ransomware, DDoS attacks, illicit cryptomining, unknown malware, as well as insider threats.

As described in-depth in this blog, Stealthwatch is a market leading NDR solution providing key capabilities named in the report, such as the ability to analyze encrypted traffic for threats, without any decryption. Stealthwatch also provides manual and automated response capabilities. It comes with the Cisco SecureX platform built-in for enhanced investigations and rapid response. Through the integration with Cisco Identity Services Engine (ISE), security teams can immediately take action to remediate the threat across the organization.

But the true validation of the solution comes from satisfied Stealthwatch customers, that has made Stealthwatch the leader in NDR market share2. We invite you to try out the solution yourself with a free 2-week visibility assessment.

Download your complimentary copy of the Gartner 2020 Market Guide for Network Detection and Response here.



  1. Gartner Market Guide for Network Detection and Response, Lawrence Orans, Jeremy D’Hoinne, Josh Chessman, 11 June, 2020.
  2. Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q20 – Gartner, Christian Canales, Naresh Singh, Joe Skorupa, Nat Smith, 29 June 2020


Megha Mehta

Product Marketing Manager, Cisco Stealthwatch

Security Business Group